MRC Closed-door Stakeholder Discussion on India Payments Regulation

Merchant Risk Council
May 20, 2022
MRC News

by Úna Dillon, VP Global Expansion and Advocacy, MRC

On 19 May 2022, the MRC held a closed-door discussion on India’s payments regulation on card on file tokenization. With the regulatory deadline of 30 June 2022 looming, the purpose of the meeting was to learn from the group of stakeholders the current state of ecosystem readiness, and to determine appropriate next steps for the Reserve Bank of India (RBI) - India’s financial regulator - to consider. 

Members from across the payments ecosystem - card networks, banks, payment processors, merchants, lawyers, policy specialists, and the regulator - gathered for an engaging hour of productive discussion. Participants talked about how excited they are about the launch of token-based transactions and applauded the RBI’s vision of maintaining consumer safety and trust. 

As the discussion progressed, the group noted the only way to achieve the RBI’s end goal is through demonstrable readiness - to successfully complete both token-based transactions and non-token transactions across use cases and at scale. 

Major use cases like eCommerce payments were discussed (including 1st transaction for all online payments), recurring payments, EMIs, offers, refunds, chargebacks, etc. The state of readiness for each was deliberated - across both provisioning tokens as well as processing transactions based on tokens. Also discussed was what would happen if the customer chose not to tokenize their card, and instead opted to make payments by inserting their card information for each transaction individually. The conversation articulated how in this scenario the transaction would fail, because acquirers wouldn’t be able to store card information post 30 June 2022. 







On tokens, the gaps in the ecosystem were deliberated (beyond use cases and volumes of transactions). Simultaneous provisioning of tokens and processing transactions based on these tokens (i.e., inline token processing) is critical to the success of the token infrastructure, as is the need for scale - i.e., high volumes of consumer transactions successfully being completed simultaneously. While some version of a solution exists in the ecosystem, the requirement for successful implementation right now is more time.

On non-token transactions (guest checkouts, for all eCommerce payments, any transaction where the customer chooses not to tokenize their card), the challenge highlighted was more complex. The card payments infrastructure today requires three entities to store customer card data for the successful settlement, reconciliation, and lifecycle management of consumer card payments - these are the card network, the issuing bank (i.e., the customer’s bank) and the acquiring bank (i.e., the merchant’s bank).

The inability to store card data post 30 June 2022 by acquirers to digital businesses is confusing - especially since, as was highlighted at the meeting, acquirers to physical merchants can store card data. The conflict between the PA/PG guidelines (which permit acquirers to store card data for transaction tracking purposes) and the tokenization rules were also discussed.

Recurring transactions were discussed at length, especially as only seven months ago, subscription merchants and their customers went through a new infrastructure and compliance implementation. The group was concerned about the lack of a permanent solution on recurring transactions. 

On potential quantitative impact - to consumers and to the economy – participants at the meeting advised that RBI figures from Q1 2022 indicate the value of customer card transactions online to be worth about INR 2.04 lakh crore, which would mean at least INR 8 - 10 lakh crore over the year. Therefore, in the absence of successful token and non-token-based transactions, the economic impact would be the sum of this amount.

The group also discussed the qualitative impact through the lens of Apple’s recent move to stop accepting credit and debit cards in India, and whether this was just one example of barriers to accepting cards (due to lack of ecosystem readiness) and minimization of consumer choice. 

There are now only 5-6 weeks before the expiry of the deadline, and based on what was learned during the discussion, the following requests are respectfully asked of the RBI

  • Just as acquirers processing offline payments can store card numbers, please permit acquiring banks to save cards for online transactions as well, to prevent customers across use cases from being marginalized/ unsatisfactorily serviced.

  • Empower merchants to continue serving customers using card data on file until there are token and non-token solutions that are demonstrably ready and tested at scale for all use cases.

The MRC looks forward to continuing our constructive engagement with the RBI on these important topics and remains committed to the new payments ecosystem and its success.


Blue-tinted background of a man watching a webinar

Host a Webinar with the MRC

Help the MRC community stay current on relevant fraud, payments, and law enforcement topics.
Submit a Request

Publish Your Document with the MRC

Feature your case studies, surveys, and whitepapers in the MRC Resource Center.
Submit Your Document

Related Resources

There are no related Events

There are no related Presentations

There are no related Surveys

There are no related Webinars

There are no related Whitepapers

Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.