The MPAI, an association that represents merchants, has asked the Reserve Bank of India (RBI) to resolve issues with recurring payments via tokens before giving effect to the cardless storage rule, three people told ET familiar with development.
“We humbly request that the RBI compel card networks, payment aggregators and payment gateways to share a status report to demonstrate their willingness to perform tokenized transactions in all use cases,” said the MPAI in a letter to the RBI. “We also request that the RBI take appropriate action deemed necessary to ensure that token flow issues for recurring payments are duly addressed, prior to requiring the ecosystem to enforce the cardless storage rule.”
ET saw a copy of the letter to the central bank.
Tokenization is a process where card details are replaced with a unique code or token, allowing online purchases to be made without exposing sensitive card details.
Central bank rules require all merchants to delete customer debit and credit card details by October 1 and replace card payments with unique tokens. Traders meet on Monday, and will likely request an extension of this deadline.
Discover the stories that interest you
Merchants are warning that implementing tokenization without proper preparation will lead to greater disruption to recurring payments, similar to that seen in October last year when the mandate was first introduced.
“As merchants, we don’t know if the upstream partner is ready. Although we have received verbal assurances from our partners, we have not received any sample transactions, nor have we been able to test this on our own platform,” said one of the traders involved in the discussions. “We are concerned that the recurring coin will again face massive disruption.”
The RBI said in July that it would not extend the storage period for card data and ordered all stakeholders except card issuers and card networks to purge customer data before on October 1, 2022. This is the third such expansion in the past 18 months. . As an interim measure, the RBI has allowed merchants and payment aggregators to store card on file (CoF) only for guest payment transactions for a maximum period of transaction date plus four days.
He also said that criminal actions, including the imposition of trade restrictions, will be considered for non-compliance.
While banks and other industry players say they are fully prepared, merchants told the central bank that processing recurring payments remains a difficult exercise due to the multiple steps involved.
The tokenization of cards for such payments requires the creation of mandates, and then this mandate must be migrated to the tokens. The third step of ensuring periodic direct debits from the affected account based on a combination of money order ID and token is also a tricky process, experts say.
“We note that our members who are completely reliant on payment aggregators have had no testing experience on the three items mentioned above to date,” the letter to RBI reads. “Members who have been able to test still only have limited visibility into the effectiveness of recurring payment flows due to less upstream preparation. On the merchant side, access to bank identification numbers ( BIN) of card networks is needed to map mandate IDs and process recurring payments, and progress on this front is also limited.