Restriction on storage of actual card data [i.e. Card-on-File (CoF)] - ربی - Reserve Bank of India
Restriction on storage of actual card data [i.e. Card-on-File (CoF)]
RBI/2021-2022/142 December 23, 2021 All Payment System Providers and Payment System Participants Madam / Dear Sir, Restriction on storage of actual card data [i.e. Card-on-File (CoF)] In terms of our circular DPSS.CO.PD.No.1810/02.14.008/2019-20 dated March 17, 2020 on “Guidelines on Regulation of Payment Aggregators and Payment Gateways”, the authorised non-bank payment aggregators and merchants on-boarded by them were prohibited from storing card data (CoF) from June 30, 2021. At the request of industry stakeholders, this timeline was extended to December 31, 2021 vide circular CO.DPSS.POLC.No.S33/02-14-008/2020-2021 dated March 31, 2021. Further, regulations on CoF Tokenisation (CoFT) were issued vide circular CO.DPSS.POLC.No.S-516/02-14-003/2021-22 dated September 07, 2021 on “Tokenisation – Card Transactions: Permitting Card-on-File Tokenisation (CoFT) Services”. 2. In light of various representations received in this regard, we advise as under:
3. This directive is issued under Section 10 (2) read with Section 18 of Payment and Settlement Systems Act, 2007 (Act 51 of 2007). Yours faithfully, (Sudhanshu Prasad) |