CUTS welcomes RBI move to extend CoF storage deadline

KNN India, December 24, 2021

The Reserve Bank of India (RBI) has extended the deadline by six months, for merchants and other relevant stakeholders, for storing Card on File (CoF) data, i.e., till June 30, 2022; post which such data shall have to be purged.

CUTS welcomed the move, and thanked the RBI for listening to requests made by CUTS in this regard, Pradeep Mehta, Secretary General, Consumer Unity & Trust Society (CUTS) stated.

However, Mehta claimed that this is just half a battle won by consumers. He expressed his keenness to work closely with the RBI in the coming six months, to ensure that CoF tokenisation is operationalised in consumer interest, and in a timely manner. In this regard, generating awareness and building capacity of consumers, issuing FAQs on tokenisation, and publishing status of ecosystem readiness, will be key.

He also stressed upon the need for inclusive stakeholder consultation, and evidence-based regulation making as a way forward. Particularly, issuing a whitepaper prior to a proposed regulatory change, and comprehensive engagements with consumers will be critical to prevent unintended consequences.

Citing the findings of a recent pan-India consumer survey conducted by CUTS, Mehta noted that a substantial number of consumers would have faced inconvenience in making card-based online payments, in case the deadline was not extended.

This had the potential to force them to shift to other modes of payment, including cash on delivery, which could have dented the government’s vision of a digital and cashless India. Detailed findings of the survey are available on CUTS website.

Notably, Mehta had also written an open-letter to the RBI, requesting them to extend the CoF data storage deadline, in light of lack of digital payments ecosystem readiness to implement CoF tokenisation, as an alternative to storing CoF data. The open-letter is available online ‘Dear RBI, don’t penalise consumers and merchants for non-compliance by other stakeholders’.

It is to be noted that the RBI’s circular ‘*Tokenisation – Card Transactions: Permitting Card-on-File Tokenisation (CoFT) Services*’, dated September 7, 2021, read with the ‘*Guidelines on Regulation of Payment Aggregators and Payment Gateways*’, dated March 17, 2020, had barred merchants from storing consumers’ CoFdata, w.e.f. January 1, 2022, and instead permitted CoF tokenisation.

Furthermore, merchants were required to purge the CoF data currently stored with them by the date.

Mehta had earlier lauded the visionary stance of the RBI in permitting CoFT in the interest of promoting safe and secure digital payments for consumers, but had also cautioned against various implementation challenges being faced by merchants, which were likely to delay operationalising CoF tokenisation.


This news item can also be viewed at: