Summary: Last week, Apple informed its customers in India that it will no longer store their card information on file and will not be accepting payments made by debit cards and credit cards for purchases or subscriptions on the App store or other Apple services in light of the upcoming RBI regulations. It will still be accepting payments through UPI. The decision of the US giant surprised many. But not those who are scrambling to meet the RBI deadline on tokenisation of cards which is June 30, 2022. Come July 1, merchants, payment aggregators, payment gateways and acquiring banks can no longer store the card details of customers. Only card issuing banks and card networks can store the actual card data. With businesses still reeling with the disruption caused by RBI’s rules for card-based recurring payments that came into effect January 1 this year, another storm is brewing for them. Businesses and other entities that have stored any such data will have to purge them and apply tokenisation. Tokenisation is the replacement of a card number with an alternative code called the “token”. Once created, the tokenised card details will be used in place of the actual card number for online purchases initiated or instructed by the cardholder. A tokenised card transaction is considered safer as the actual card details are not shared with the merchant during transaction processing. It will cut the chances of card information leakage. For transaction tracking and reconciliation purposes, entities can store the last four digits of card number and card issuer’s name. The customer’s consent and OTP-based authentication is required for creating a token. A customer can, however, still choose not to tokenise his or her card. In such a case, customers will have to enter complete card details everytime they make a payment. This could lead to a decline in revenues for merchants as a significant number of conversions happen through saved cards. First RBI deadline to tokenise the card details was June 30, 2021. But at the request of merchants and payment aggregators, as well as card companies and banks, it was extended to December 31, 2021. And the deadline was again extended by six months. Earlier this month, Paytm said it had tokenized 2.8 crore cards across Visa, Mastercard and Rupay, accounting for 80% of monthly active cards on the the app. Other businesses are also nudging users to tokenize their cards in order to enjoy a seamless experience from July 1. For instance, everytime a user opens the Swiggy app, he is greeted with a message at the bottom of the screen to secure his cards before June 30. PayU, Razorpay, PhonePe, Worldline, Cashfree Payments and Pine Labs are among the companies that have come up with tokenisation solutions to help businesses transition to the new framework. Khilan Haria, VP and Head of Payments Product, Razorpay told Business Standard said that Visa, Mastercard, Rupay and Diners Club have gone live on its tokenisation platform with American Expresses expected to go live soon. However, it is not just card networks, but card issuing banks too have to come onboard. With just about five weeks to go, where does the payments ecosystem stand in terms of its preparedness? Speaking to Business Standard, Khilan Haria, VP and Head of Payments Product, Razorpay says, he doesn't expect any large scale disruptions from July 1. According to him, 100% of Razorpay merchants are live on its tokenisation solution, and post tokenisation, card networks are ready to process transactions at scale. Majority of the banks are also expected to be ready, he added. Meanwhile, a lack of compliance by banks with RBI’s rules on recurring payments is already leading to a large number of recurring transaction failures. Razorpay’s Haria said it would take about 6-9 more months for reaching the stabilisation phase where coverage would be near complete. Several banks are yet to integrate with m
