RBI inability to extend card encryption deadline despite payment failure, revenue loss, bankers say

India’s central bank is unlikely to extend Friday’s deadline for businesses to establish an extra layer of security for consumers’ credit card data even as some concerns persist. about failed payments and lost revenue, bankers and merchants said.

Despite requests from smaller merchants to delay the compliance date, so far there has been no indication from the central bank that an extension is likely, three banking and merchant sources have said. knowledge of the matter told Reuters.

The Reserve Bank of India (RBI) did not respond to an email request for comment.

“The general feeling is that the banks, card networks and (larger) merchants are better prepared and so the push from the ecosystem side for the renewal is not too great and we don’t accept it either. get any indication to propose an extension,” said a banker with a large state-owned bank.

“If it happens, it will be a surprise,” he added.

Three years ago, India embarked on a huge exercise to secure card data by requiring businesses to encrypt cards by September 30.

Tokenisation is a process in which card details are replaced with a unique code or token, generated by an algorithm, allowing online purchases without revealing card details, in order to improve security data.

The RBI first introduced the norms in 2019 and after several renewals ordered all companies in India to delete their saved credit and debit card data from their systems by the date. October 1, 2022.

While banks, card companies and large retailers are getting ready, smaller merchants could be in trouble that they think could lead to a loss of revenue for them in the short term.

Merchant associations have also reached out to the central bank to see if they can be given more time.

Some merchants and bankers are also concerned that card-related transactions may drop in the short term once cryptographic norms are in place.

“The moment an additional or conflicting layer is introduced, payments seem to drop. And there are concerns that they are initially,” said Rohit Kumar, Founding Partner of TQH Consulting, a public policy. I could see periodic declines similar to what we’ve seen,” said Rohit Kumar, Founding Partner of TQH Consulting, a public policy consulting firm.

According to merchants, as the previous cryptographic signing deadline approached, recurring payments failed by 10-15%.

Aside from payments, other things that need to be stress-tested include what happens when a product is returned and other post-transaction flows as the card data will not be stored on the merchant’s servers , said Rajaram Suresh of Boston Consulting Group.

Unlike India, where it has been made mandatory, European stakeholders have been encouraged to use tokenize tokens for security benefits, Suresh added.

However, analysts say that at a time when digital payments are expected to hit the $10 trillion mark (about Rs 8,17,37,500 crore) by 2026, encryption is required. Fraud involving cards or internet transactions is on the rise and accounted for 34.6% of all frauds in FY21, according to central bank data.

“People are used to one-click payments so adoption may take longer and some people may switch to cash but considering this makes online transactions more secure , customers will adopt this way faster without much chaos during this time,” said Jagdish Kumar Senior Vice President, Worldline India.

© Thomson Reuters 2022