Bank, e-tailers scramble to comply with RBI’s card data storage norms

Banks and e-commerce merchants are racing against time to implement the RBI’s mandate on card storage norms. Some e-commerce merchants are finding it an obstacle because compliance requires readiness by multiple entities in the transaction chain who are in various stages of preparedness.

According to a senior executive in a payment processing organization, the industry may seek a relaxation of the deadline. However, the central bank is taking a hard stance and an extension looks unlikely at present. The RBI’s mandate is that from January 1, no merchant can store a customer’s card numbers in its system.

Several merchants have started complying, which is why clients are getting an option during payment, asking them whether they would like to store their card in a secured manner. Merchants offering this option are already compliant with the new norms. From January 1, merchants who do not offer this option or clients who do not choose this feature will have to key in the card’s details.

Payment aggregators have moved fast to launch a service that enables a merchant to ask banks to store a customer’s card details and receive a token representing the card. This token will enable the merchant to allow customers to make future payments without entering the card number again. According to the industry experts there are at least four entities here the merchant acquiring bank, the payment network, the payment gateway, and card issuing bank.