MUMBAI, September 29 India’s central bank is unlikely to extend a Friday deadline for companies to implement an additional layer of security for consumer credit card data, although some concerns remain over failures to payment and revenue losses, according to bankers and traders.
Despite a request from smaller traders to delay the compliance date, there is no indication so far from the central bank that there will likely be an extension of the deadline, three banking and trade sources told Reuters. aware of the case.
The RBI did not respond to an email request for comment.
“The general feeling is that banks, card networks and (larger) merchants are better prepared and therefore the pressure from the ecosystem side for an extension has also not been massive and we have not received no indication to suggest an extension either,” said a banker at a major state-owned bank.
“If that happens, it will be a surprise,” he added.
Three years ago, India embarked on a mammoth exercise to secure card data by forcing companies to tokenize cards through . September 30.
Tokenization is a process by which card details are replaced with a unique, algorithmically generated code or token, enabling online purchases without exposing card details, with the aim of improving data security. .
The RBI first introduced the standards in 2019 and after several extensions ordered all businesses in India to purge stored credit and debit card data from their systems by October 1, 2022.
While banks, card companies and large retailers are prepared, smaller merchants may face issues that they believe could lead to lost revenue for them in the short term.
Trader associations have also approached the central bank to see if they can be given more time.
Some merchants and bankers also fear that card-related transactions will plummet in the short term after the introduction of tokenization standards.
“As soon as an additional layer or friction is introduced, payouts seem to drop. And there is concern that initially we may see a recurring drop to levels similar to what we have seen,” said Rohit Kumar, Founding Partner of TQH Consulting, a public policy firm. consulting firm.
When the previous tokenization deadline approached, recurring payments were failing by 10-15%, according to merchants.
Besides payments, other things that should be stress tested include when a product is returned and other post-transaction flows, as card data will not be stored on merchant servers, said Rajaram Suresh of the Boston Consulting Group.
Unlike India where it was made mandatory, European stakeholders were encouraged to tokenize cards for security benefits, Suresh added.
However, analysts say that at a time when digital payments are expected to hit the $10 trillion mark by 2026, tokenization is imperative. Fraud involving card and internet transactions increased and accounted for 34.6% of total fraud cases in FY21, according to central bank data.
“People are used to one-click payment, so adoption may take longer and some people may switch to cash, but since it makes online transactions more secure, customers will adopt it more. quickly without too much chaos this time around,” said Jagdish Kumar Senior Vice President of Worldline India.