Top technology and internet<\/a> groupings are rushing to petition the country’s central bank seeking delayed implementation of its tokenisation<\/a> mandate that requires online merchants to erase all stored payment details of customers by December 31. Global and local companies represented by trade bodies such as Nasscom and the Alliance of Digital India Foundation<\/a> (ADIF) will seek a phased implementation of the new mandate and a minimum timeframe of two years for the transition, multiple people aware of the developments told ET.
Companies, which fear there will be “large scale” disruption and “mayhem” across online payments platforms beginning on New Year’s Eve, are asking the Reserve Bank of India to “not rush through the tokenisation mandate,” executives said.
“We are asking for more time, no one wants to wake up to mayhem on January 1,” said Sijo Kuruvilla George, executive director of ADIF, which represents companies such as Paytm<\/a> and BharatMatrimony.
Others like the Payments Council of India said the RBI<\/a> mandate calls for “a big systemic change” that requires a smooth transition. It will seek inputs from companies before approaching the RBI this week with a representation, officials said.
An abrupt transition to the new system, which requires all online merchants be it Flipkart, Google<\/a>, Netflix<\/a> or Paytm to wipe out stored card details of all customers by December 31 and take their consent for tokenisation, could shave off close to one-third of the digital industry’s revenues, according to ADIF. The industry grouping estimates this could lead to hundreds of small and medium merchants as well as payment operators being pushed out of business.
In September, the RBI amended its tokenisation framework-- first introduced in March 2020--to include card-on-file data, this according to industry sources is the crux of the problem as they have not been given sufficient time for implementation.
According to the new rules, online shoppers must either key in their card details every time they make a purchase or consent to tokenise their card data through an additional factor of authentication (AFA). Online merchants and payment aggregators can store the last four digits of the actual card number and card issuer’s name, only after receiving specific consent.
Ashish Aggarwal, vice-president-public policy at Nasscom said, “Unless 80% of the cards used can be tokenized, the transition should not be forced.”
Tokenisation is the process of replacing the 16-digit credit or debit card number for mobile and online transactions with a unique digital identification known as a \"token”, which is a random string of 16-digit numbers. It can enable a transaction without disclosing the cardholder's account information to either the merchant or any intermediaries.
“There are huge challenges for merchants. Even if a particular bank or network is ready, it doesn’t translate into readiness of the entire ecosystem,” Aggarwal said
Short timeline<\/strong>
The tokenization mandate will impact both subscriptions as well as one-time payments and will pose a special challenge for online merchants required to process refunds. Hotel operators won't be able to charge a no-show fee in case of a last-minute cancellation, industry members pointed out.
Top technology and internet<\/a> groupings are rushing to petition the country’s central bank seeking delayed implementation of its tokenisation<\/a> mandate that requires online merchants to erase all stored payment details of customers by December 31. Global and local companies represented by trade bodies such as Nasscom and the Alliance of Digital India Foundation<\/a> (ADIF) will seek a phased implementation of the new mandate and a minimum timeframe of two years for the transition, multiple people aware of the developments told ET.
Companies, which fear there will be “large scale” disruption and “mayhem” across online payments platforms beginning on New Year’s Eve, are asking the Reserve Bank of India to “not rush through the tokenisation mandate,” executives said.
“We are asking for more time, no one wants to wake up to mayhem on January 1,” said Sijo Kuruvilla George, executive director of ADIF, which represents companies such as Paytm<\/a> and BharatMatrimony.
Others like the Payments Council of India said the RBI<\/a> mandate calls for “a big systemic change” that requires a smooth transition. It will seek inputs from companies before approaching the RBI this week with a representation, officials said.
An abrupt transition to the new system, which requires all online merchants be it Flipkart, Google<\/a>, Netflix<\/a> or Paytm to wipe out stored card details of all customers by December 31 and take their consent for tokenisation, could shave off close to one-third of the digital industry’s revenues, according to ADIF. The industry grouping estimates this could lead to hundreds of small and medium merchants as well as payment operators being pushed out of business.
In September, the RBI amended its tokenisation framework-- first introduced in March 2020--to include card-on-file data, this according to industry sources is the crux of the problem as they have not been given sufficient time for implementation.
According to the new rules, online shoppers must either key in their card details every time they make a purchase or consent to tokenise their card data through an additional factor of authentication (AFA). Online merchants and payment aggregators can store the last four digits of the actual card number and card issuer’s name, only after receiving specific consent.
Ashish Aggarwal, vice-president-public policy at Nasscom said, “Unless 80% of the cards used can be tokenized, the transition should not be forced.”
Tokenisation is the process of replacing the 16-digit credit or debit card number for mobile and online transactions with a unique digital identification known as a \"token”, which is a random string of 16-digit numbers. It can enable a transaction without disclosing the cardholder's account information to either the merchant or any intermediaries.
“There are huge challenges for merchants. Even if a particular bank or network is ready, it doesn’t translate into readiness of the entire ecosystem,” Aggarwal said
Short timeline<\/strong>
The tokenization mandate will impact both subscriptions as well as one-time payments and will pose a special challenge for online merchants required to process refunds. Hotel operators won't be able to charge a no-show fee in case of a last-minute cancellation, industry members pointed out.
As the RBI has given the banks the choice to tokenise or not, with no penalty imposed on them if they don’t, Nasscom is requesting the banking regulator to allow banks and networks to first test and demonstrate their readiness following which merchants can transition to the new system.
“Expecting merchants to delete all card data in the absence of any viable alternative is not reasonable. RBI needs to publish the status of readiness and review the deadline for tokenization,” Aggarwal said.
RBI did not respond to ET’s queries till press time.
Taking stock<\/strong>
Vishwas Patel, chairman of the Payments Council of India said that while all three networks – Visa, Mastercard<\/a> and Rupay are ready as well as many merchants and banks, there are several others that are yet to be integrated.
“PCI has asked its members to take final stock of the situation and based on their feedback we will take a call in the next two-three days and then write to RBI. This is a big systemic change, and everyone wants a smoother transition,” he said.
Earlier, in its letter sent on December 9, Nasscom had petitioned for a tiered timeline -- requiring issuer banks and card networks to be ready first and then requiring merchants to integrate, test and move from legacy rails to make sure the disruption is limited.
Double whammy<\/strong>
Nasscom is of the view that the short timeline for tokenisation, will mean a double whammy for the digital commerce sector, especially small players who are already “adversely affected due to the recurring payments mandate and are still trying to emerge from it.
RBI’s new rules on recurring payment came into effect from October and allows banks to process auto debit transactions only after they send a pre-debit notification to customers at least 24 hours before the payment. It also requires a separate flow for auto transactions above Rs 5,000 that customers need to authenticate such payments manually with a one-time password (OTP).
Industry bodies contend that the transition will come at the cost of smaller players compared to large businesses that have the resources to put in place such a complex system quickly. To prove its point, Nasscom said that in case of recurring payments, HDFC Bank<\/a> has, as on December 09, 2021, listed 33 merchants on its website that are live with its Merchant Standing Instructions. Neither of these 33 merchants is a SME. Similarly, Yes Bank has a list of 11 merchants who are live; neither is a SME.
“This will concentrate the markets with the bigger players,” ADIF’s George said.
<\/p><\/body>","next_sibling":[{"msid":88401882,"title":"From metaverse to DAOs, a guide to 2021's tech buzzwords","entity_type":"ARTICLE","link":"\/news\/from-metaverse-to-daos-a-guide-to-2021s-tech-buzzwords\/88401882","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[{"msid":"88399169","title":"RBI","entity_type":"IMAGES","seopath":"tech\/technology\/tech-companies-want-two-more-years-for-tokenisation\/rbi","category_name":"Tech companies want two more years for tokenisation","synopsis":false,"thumb":"https:\/\/etimg.etb2bimg.com\/thumb\/img-size-66158\/88399169.cms?width=150&height=112","link":"\/image\/tech\/technology\/tech-companies-want-two-more-years-for-tokenisation\/rbi\/88399169"}],"msid":88401914,"entity_type":"ARTICLE","title":"Tech companies want two more years for tokenisation","synopsis":"Tokenisation is the process of replacing the 16-digit credit or debit card number for mobile and online transactions with a unique digital identification known as a \"token\u201d, which is a random string of 16-digit numbers.","titleseo":"telecomnews\/tech-companies-want-two-more-years-for-tokenisation","status":"ACTIVE","authors":[{"author_name":"Surabhi Agarwal","author_link":"\/author\/479241991\/surabhi-agarwal","author_image":"https:\/\/etimg.etb2bimg.com\/authorthumb\/479241991.cms?width=100&height=100","author_additional":{"thumbsize":false,"msid":479241991,"author_name":"Surabhi Agarwal","author_seo_name":"surabhi-agarwal","designation":"Correspondent","agency":false}}],"analytics":{"comments":0,"views":179,"shares":0,"engagementtimems":895000},"Alttitle":{"minfo":""},"artag":"ET Bureau","artdate":"2021-12-21 07:47:49","lastupd":"2021-12-21 07:48:32","breadcrumbTags":["tokenisation","tech companies","RBI","Alliance of Digital India Foundation","INternet","paytm","google","mastercard","hdfc bank","netflix"],"secinfo":{"seolocation":"telecomnews\/tech-companies-want-two-more-years-for-tokenisation"}}" data-news_link="//www.iser-br.com/news/tech-companies-want-two-more-years-for-tokenisation/88401914">