Safer gateways: Why RBI wants you to remember your debit, credit card details

The Reserve Bank of India’s (RBI) regulation that prevents payment aggregators and merchants from storing the information of a customer’s card on their servers or databases is likely to come into effect in January 2022. On Friday, the central bank rejected an opposing proposal made by payment gateway companies. These companies currently operate by storing the card holder’s details and asking them to only authenticate transactions with CVV (card verification value) and a one-time password (OTP).

Also read: India Ratings lowers GDP growth; links slow pace of COVID-19 vaccination

This means, if RBI’s regulation falls through, credit and debit cardholders in India will have to enter the 16-digit card number, the expiry date and the CVV for every transaction.

Payment processes are likely to slow down with this change. However, the RBI aims to secure the card information and ensure customer safety by avoiding hacks, breaches, and cyber risks. The Reserve Bank’s stand has been opposed by the Payments Council of India (PCI), which recommends alternative solutions.  

Also read: CredAvenue eyes monthly co-lending transaction of Rs 500 cr by 2022

The RBI had first introduced guidelines for payment gateways and payment aggregators barring merchants from storing customer cards and related data on their servers in March 2020. As per reports, the central bank wanted to bring in the new guidelines in July but had to postpone it by six months due to banks not being ready for it yet.

In February 2021, Indian IT lobby NASSCOM, in a letter to the RBI, opposed the regulations. “Without card data, merchants will not be able to perform basic functions such as resolution of consumer complaints or disputes, consumer service and speedy resolution of refunds requests, and will be completely dependent upon pay aggregators and banks to provide the same,” the letter read. NASSCOM proposed that the RBI could develop a framework to store card data that encompasses security measures, reporting requirements and governance mechanisms as per its requirements.

Also read: Regulators worried as banks rely on Big Tech for cloud services

However, Unified Payments Interface (UPI) –  a system that powers multiple bank accounts into a single mobile application, is expected to stay in place. Customers, the ones with debit cards, might find it much easier to use UPI for paying on merchant platforms.