Industry associations representing consumer tech startups and payment companies have welcomed RBI’s move to extend the scope of tokenisation from mobile phones and tablets to include all consumer devices (such as laptops, desktops, wearables, and IoTs etc).
This update comes in the background of an RBI norm that prohibits payment gateways and payment aggregators from storing customer card details. The central bank has given a deadline of January 2022 for stakeholders to comply with this norm and has worried consumer tech start-ups about its impact on consumer’s ease of payments.
Commenting on the new RBI update, IndiaTech, which is an industry association of Indian start-ups including Ola, hike, Makemytrip, and Nykaa among others, welcome the extension of tokenisation to all consumer devices.
However, Rameesh Kailasam, CEO of IndiaTech added that there will continue to be challenges should banks not extend timely support. “Such a regulation should be made mandatory for all banks, it should not be optional as is the case presently. Device tokenization does not support recurring use cases, while COF (card on file) tokens, if allowed, provides strong “merchant cardholder binding” security. Banks should ideally be mandated to do COF tokens. We also look forward to PCI DSS Level 1 (Payment Card Industry Data Security Standard) certified entities being allowed to store card data,” he said.
Further, Vishwas Patel, Chairman of Payment Council of India (PCI), which represents payment companies in India said “we welcome this initiative as facilitation in payments will have to be medium agnostic to enhance customer experience. RBI after due review has permitted this customer experience enhancing measure.”
PCI claims to be closely working with RBI on charting a roadmap of the possible solutions that would not require the industry to enter their card details every time they want to make an online purchase. PCI added that these solutions will adhere to the security checks, controls and frameworks prescribed by RBI.
The central bank’s motive to bring these rules was to guard customer data against the frequent data breach cases in tech companies. Cybercrime cases in India have grown exponentially since the pandemic. As per the data shared by Union minister of State for Home G Kishan Reddy with the Lok Sabha in March, between August 30, 2019 and February 28, 2021, 3.17 lakh cybercrime incidents were registered on National Cyber Crime Reporting Portal in India.