RBI’s tokenisation deadline: Security upgrade of digital transactions system can’t wait
Premium- A velvet glove approach may not be the way forward in a country with low financial literacy and a poor consumer redressal system
A few years ago, reacting to financial outages-led disruptions in the economy, a UK regulator cracked the whip on financial-market infrastructure firms. The regulator made it mandatory for these consumer-facing firms to identify key business services that if disrupted could hurt consumers or trigger instability in the financial markets. Alongside, they had to put in place impact tolerances, or tolerable limits for each important business service, including the maximum level of disruption which could be tolerated, and the action which would have to be taken to remain within that threshold. The regulator thus ensured that market infrastructure firms had planned for the worst.
A pre-emptive approach to regulation is a question of fine judgement. The Reserve Bank of India (RBI) has postponed the deadline, by another six months to 30 June, for adopting what is called card-on-file tokenisation. As a result, e-commerce and online payment service providers have six more months to transition to a new, safer system for storing credit and debit card details for digital transactions.
Is this a case where the regulatory hammer needs to be wielded? Probably not.
Indian regulators are often blamed for blinking in the face of pressure from either market participants or the sovereign. But the RBI exhorting banks and others to transit to a safer system is a case of the regulator pushing for a security upgrade for digital platforms and online transactions. The RBI doesn’t want card data of customers stored on the servers of merchant establishments, as they do not fall directly under its regulatory purview. It is thus pushing for a new system in which algorithms will generate a distinct token for each transaction. Adding this extra layer of security will lower the risk of online frauds, including incidents of hacking or phishing, and deliver improved safety for users of e-commerce or online payment services. Once in place, the safer system is bound to bolster public confidence in digital banking. It is against that backdrop that the Indian central bank chief recently flagged off cyber security and digital frauds as major areas of concern.
There is also another view out there that leans more towards light-touch regulation in the payments segment. But a velvet glove approach may not be the way forward in a country with low financial literacy and a poor consumer redressal system. Digital transactions have grown exponentially, including in tier two and three cities. At the current pace of adoption, digital transactions could top one billion by 2025. It can be argued that digital transactions and the payment systems supporting them are the new-age essential services.
Since the merchants are out of its regulatory purview, as it is the banks that deal with them, the RBI can only nudge banks to incentivise them to bear the additional costs for the security upgradation it wants. Even India’s largest banks have far too long invested too little in technology. It makes business sense for banks to get serious about transitioning to digital transactions system that is safer, more secure for users. Such a system would be somewhat like a public good. Safer the system, faster the growth in adoption and the returns from this business.
Stress testing or operational resilience cannot be an exercise in ticking boxes. Ultimately, the system—i.e. the regulators, firms and the government—has to deliver safety. Indian consumers have no recourse to an overarching and swift dispute resolution system. The presence of multiple regulators in the financial and other sectors pose complexities. All the regulators involved have twin mandates: fostering the growth of the industry along with oversight. Consumer protection and interests aren’t the core area of regulation. Judicial delays don’t help. Putting in place an effective consumer dispute and grievance resolution system, therefore, is the next frontier.
Never miss a story! Stay connected and informed with Mint. Download our App Now!!