RBI: Relaxations in Card Storage Norms

Reserve Bank of India (RBI) recently revised its guidelines on payment aggregators as well as reopened the window to grant licences until September 30, 2022. Before the new guidelines, online non-bank payment aggregators (PAs) were needed to apply to RBI by September 30, 2021 to get authorisation under Payment and Settlement Systems Act, 2007.

Highlights of the revised guidelines include;

  • RBI also revised norms related to card storage. Now, RBI does not allow non-banks from storing card information.
  • As per new rules, merchant or its payment aggregator will be allowed to save card data for a period of up to four days from transaction date or till the settlement date, or whichever is earlier.
  • Stored data can only be used to settle such transactions and must be removed thereafter.
  • Relaxation in the card storage norms will provide for smooth transition to an alternate system, with respect to transactions where cardholders submit their card details manually.

Card tokenization:

Card tokenization has started for customers who do not wish to manually enter card numbers every time they make a purchase. On the other hand, E-commerce websites have been mandated to temporarily store numbers for customers who enter card details manually while checking out. Apart from merchants and PAs, acquiring banks have been mandated to store the card data until January 31, 2023. The deadline for the ban on card storage norms is October 1, 2022.




Latest E-Books