Mumbai: The Merchant Payments Alliance of India (MPAI) and the Alliance of Digital India Foundation (ADIF) have urged RBI to extend its 31 December deadline for implementation of the new tokenisation norm.
The two industry bodies have come together to raise their concerns over industry readiness on the recent Reserve Bank of India (RBI) directive on card-on-file tokenisation (CoF). They have written to the Central bank requesting an extension of the December 31 deadline for implementation of card data storage norms.
While the RBI’s objective of ensuring security and reducing fraud from the payment ecosystem through this policy change is a step in the right direction. In their letter to RBI, MPAI and ADIF have highlighted several operational challenges that will hinder the transition to the token-based payments ecosystem.
This policy change affects three major players: banks, intermediary payment systems, and merchants.
“Merchants cannot start the testing and certification of their payment processing systems until banks, card networks, and PA/PGs are certified and live with stable APIs for consumer-ready solutions,” the joint letter noted.
The two bodies have sought a phased implementation of the new mandate, a minimum time frame of six months for merchants to comply post readiness of banks, card networks, and payment aggregators/payment gateways.
Along with more consumer awareness about the impact of the policy change. They pointed that RBI regulated entities are unprepared, in the absence of a hard mandate to comply.
The RBI had in September 2021 prohibited merchants from storing customer card details on their servers with effect from January 01, 2022, and mandated the adoption of CoF tokenization as an alternative to card storage.
MPAI and ADIF believe that if implemented in the present state of readiness, the new RBI mandate could cause major disruptions and loss of revenue, especially for merchants.
“Disruptions of this nature erode trust in digital payments and reverse consumer habits back towards cash-based payments,” the letter said.
MPAI and ADIF are of the view that ‘ecosystem readiness’ is a sequential process of going live with stable API documentation for tokenised transactions.
Moreover, in the joint letter, they have highlighted that the digital payments ecosystem is a long way from consumer-ready solutions and that the implementation of tiered timelines for compliance will help minimize disruption to consumer services. Unless regulated entities are compliant, merchants will not be able to successfully process tokenised transactions.
In the scenario that banks are lax on preparedness, the brunt of that will be borne by merchants in the form of loss of revenue, according to Sijo Kuruvilla George, Executive Director – Alliance of Digital India Foundation,
“We are looking at revenues losses of anywhere between 20-40% at the minimum should that be the case. It’s also important to note that it’s only after the banks’ readiness, card networks and API’s are made available that merchants are even able to take effective measures on their part to comply,” added George.
“This unpreparedness will impact recent digital payments adopters even deeply. The frequency and intensity of phishing attempts will go as entire card details are to be entered for each transaction, causing a significant increase in irreversible fraudulent transactions,” said Vishal Mehta, Chair of the Governing Council of the MPAI.