Reserve Bank of India
Reserve Bank of India (RBI) introduced a new regulation in 2021 affecting subscription merchants. How did the MRC get involved on behalf of the merchants, and what were the results?
India’s financial regulator, the Reserve Bank of India (RBI), introduced new payments regulations, including an eMandate on recurring transactions, effective 30 September 2021, and guidelines relating to card-on-file set to be implemented by 31 December 2021. While the regulations were designed to provide consumer protection, eCommerce merchants operating in India have raised concerns about the deadlines and the lack of time to make the necessary changes and enable compliance. Additional concerns were raised around the merchants’ challenge to manage basic functions such as dispute resolution (chargebacks). If card details can no longer be held, transactions will be more challenging to identify.
The MRC has prioritized advocating for merchants on this topic and, to further that goal, has written to the RBI in September 2021 to ask for the timeline changes to allow time for the preparation of the payments ecosystem for those regulations and to ensure compliance. This was followed by a meeting between merchants, card issuers, PSPs, retail associations, and four representatives from the Indian financial regulator (RBI) in November 2021. It was clear that all participants wanted to collaborate and facilitate enablement across the ecosystem, but they also recognized that all stakeholders needed to cooperate to reach compliance. The MRC followed up with the RBI again after the meeting to highlight concerns raised during the session.
This meeting was an excellent example of how advocacy can increase stakeholder communication and transparency by facilitating a constructive multi-lateral conversation. Test me now.
Initiative Updates
-
The Reserve Bank of India’s (RBI) policies regarding eMandates on recurring transactions and guidelines relating to card-on-file transactions continue to evolve as conversations between local stakeholders and the regulator proceed.
In the latest development, on 16 June, the RBI issued an industry update on the eMandate framework for card-on-file. This update increases the limit for the transaction value requiring an additional factor of authentication, which is a significant boon for merchants operating in India, particularly subscription-based merchants.
Though additional issues still need to be resolved to optimize the balance between security and efficiency in this market, the MRC is excited by this step in the right direction and looks forward to continued cooperation with the regulator and merchants in India.
Additionally, per an announcement from the Reserve Bank of India (RBI), issued on 24 June 2022, the regulator has decided to extend the timeline for storing card-on-file data by three months. This extension indicates that the regulator is listening to and working with the local stakeholders to reach the desired balance of security and efficiency in the region.
RBI’s announcement included the following statements:
- Upon a review of the issues involved and after detailed discussions with all stakeholders, it is observed that considerable progress has been made in terms of token creation. Transaction processing based on these tokens has also commenced, though it is yet to gain traction across all categories of merchants. Further, an alternate system in respect of transactions where cardholders decide to enter the card details manually at the time of undertaking the transaction (commonly referred to as “guest checkout transactions”) has not been implemented by the industry stakeholders so far.
- Given the above, it has been decided to extend the timeline for storing card-on-file data by three months, i.e., till 30 September 2022, after which such data shall be purged.
The Reserve Bank of India’s (RBI) policies regarding eMandates on recurring transactions and guidelines relating to card-on-file transactions continue to evolve as conversations between local stakeholders and the regulator proceed.
In the latest development, on 16 June, the RBI issued an industry update on the eMandate framework for card-on-file. This update increases the limit for the transaction value requiring an additional factor of authentication, which is a significant boon for merchants operating in India, particularly subscription-based merchants.
Though additional issues still need to be resolved to optimize the balance between security and efficiency in this market, the MRC is excited by this step in the right direction and looks forward to continued cooperation with the regulator and merchants in India.
Additionally, per an announcement from the Reserve Bank of India (RBI), issued on 24 June 2022, the regulator has decided to extend the timeline for storing card-on-file data by three months. This extension indicates that the regulator is listening to and working with the local stakeholders to reach the desired balance of security and efficiency in the region.
RBI’s announcement included the following statements:
- Upon a review of the issues involved and after detailed discussions with all stakeholders, it is observed that considerable progress has been made in terms of token creation. Transaction processing based on these tokens has also commenced, though it is yet to gain traction across all categories of merchants. Further, an alternate system in respect of transactions where cardholders decide to enter the card details manually at the time of undertaking the transaction (commonly referred to as “guest checkout transactions”) has not been implemented by the industry stakeholders so far.
- Given the above, it has been decided to extend the timeline for storing card-on-file data by three months, i.e., till 30 September 2022, after which such data shall be purged.
-
On 19 May 2022, the MRC held a closed-door discussion on India’s payments regulation on card-on-file tokenization. With the regulatory deadline of 30 June 2022 looming, the purpose of the meeting was to learn from the group of stakeholders the current state of ecosystem readiness and to determine appropriate next steps for the Reserve Bank of India (RBI), India’s financial regulator, to consider.
This productive discussion between the regulator and industry leaders covered a great deal of ground and ended with two critical requests for the RBI to consider:
- Just as acquirers processing offline payments can store card numbers, acquiring banks should be permitted to save cards for online transactions to prevent customers across use cases from being marginalized/unsatisfactorily serviced.
- Merchants should be empowered to continue serving customers using card data on file until there are token and non-token solutions that are demonstrably ready and tested at scale for all use cases.
Learn more about the details from the closed-door meeting and MRC’s continuing constructive engagement with the RBI.
On 19 May 2022, the MRC held a closed-door discussion on India’s payments regulation on card-on-file tokenization. With the regulatory deadline of 30 June 2022 looming, the purpose of the meeting was to learn from the group of stakeholders the current state of ecosystem readiness and to determine appropriate next steps for the Reserve Bank of India (RBI), India’s financial regulator, to consider.
This productive discussion between the regulator and industry leaders covered a great deal of ground and ended with two critical requests for the RBI to consider:
- Just as acquirers processing offline payments can store card numbers, acquiring banks should be permitted to save cards for online transactions to prevent customers across use cases from being marginalized/unsatisfactorily serviced.
- Merchants should be empowered to continue serving customers using card data on file until there are token and non-token solutions that are demonstrably ready and tested at scale for all use cases.
Learn more about the details from the closed-door meeting and MRC’s continuing constructive engagement with the RBI.
-
The Reserve Bank of India (RBI) has extended the upcoming card payment regulation compliance deadline by six months, from 31 December 2021 to 30 June 2022.
The MRC has been engaging the RBI, merchant members, regulating bodies, and other industry organizations in the country throughout 2021, advocating for an extension to the compliance deadline regarding storing card-on-file (CoF) data and tokenization requirements.
In addition to these discussions, the MRC facilitated a Merchant Round Table meeting with leading retail brands operating in India, also attended by RBI representatives. These efforts, along with a follow-up MRC webinar on the topic delivered by Microsoft and Google, helped inform the Regulator and pave the way for this decision.
Learn more about these updates and the continued efforts of the MRC to act as the voice of the merchant in APAC.
The Reserve Bank of India (RBI) has extended the upcoming card payment regulation compliance deadline by six months, from 31 December 2021 to 30 June 2022.
The MRC has been engaging the RBI, merchant members, regulating bodies, and other industry organizations in the country throughout 2021, advocating for an extension to the compliance deadline regarding storing card-on-file (CoF) data and tokenization requirements.
In addition to these discussions, the MRC facilitated a Merchant Round Table meeting with leading retail brands operating in India, also attended by RBI representatives. These efforts, along with a follow-up MRC webinar on the topic delivered by Microsoft and Google, helped inform the Regulator and pave the way for this decision.
Learn more about these updates and the continued efforts of the MRC to act as the voice of the merchant in APAC.