Skip to main content

What are restrictions on storage of actual card data?

Reserve Bank of India (RBI) restricts storage of actual card data [i.e. Card-on-File (CoF)] by non-bank payment aggregators and merchants.

What is Card-on-File (CoF)?

Card-on-file (CoF) is the storing of customer card and payment information by a merchant, i.e. keeping card information “on file”.

What are the guidelines on storage of actual card data [i.e. Card-on-File (CoF)]?

No entity in the card transaction / payment chain, other than the card issuers and / or card networks, shall store Card-on-File (CoF) data, and any such data stored previously shall be purged.

From when are the restrictions on storage of actual card data [i.e. Card-on-File (CoF)] applicable?

Reserve Bank of India (RBI) had periodically extended the deadline for effecting the restriction on storage of actual card data [i.e. Card-on-File (CoF)] from June 30, 2021 to September 30, 2022, taking into account the representations received from the stakeholders.

All entities, except card issuers and card networks, are required to purge the CoF data before October 01, 2022.

What relaxations are allowed for “guest checkout transactions”?

For ease of transition to an alternate system in respect of transactions where cardholders decide to enter the card details manually at the time of undertaking the transaction (commonly referred to as “guest checkout transactions”), the following are permitted as an interim measure –

  • Other than the card issuer and the card network, the merchant or its Payment Aggregator (PA) involved in settlement of such transactions, can save the CoF data for a maximum period of T+4 days (“T” being the transaction date) or till the settlement date, whichever is earlier. This data shall be used only for settlement of such transactions, and must be purged thereafter.
  • For handling other post-transaction activities, acquiring banks can continue to store CoF data until January 31, 2023.


References

Reserve Bank of India. (2020, March 17). 'Guidelines on Regulation of Payment Aggregators and Payment Gateways (Updated as on November 17, 2020)'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11822&Mode=0

Reserve Bank of India. (2021, December 23). 'Restriction on storage of actual card data [i.e. Card-on-File (CoF)]'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12211&Mode=0

Reserve Bank of India. (2022, June 24). 'Restriction on Storage of Actual Card Data [i.e. Card-on-File (CoF)]'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12345&Mode=0

Reserve Bank of India. (2022, July 28). 'Restriction on Storage of Actual Card Data [i.e. Card-on-File (CoF)]'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12363&Mode=0


Follow at - Telegram   Instagram   LinkedIn   Twitter

Labels:

Comments

Post a Comment

Popular Posts

Framework for recognition of Self-Regulatory Organisation (SRO) for Payment System Operators (PSOs)

Reserve Bank of India (RBI) had released the framework for recognition of Self-Regulatory Organisation (SRO) for Payment System Operators (PSOs). What is the need of Self-Regulatory Organisation (SRO) for Payment System Operators (PSOs)? Industry self-governance helps in industry-wide smooth operations and ecosystem development. RBI’s Payment and Settlement Systems Vision 2019-21 had, therefore, envisaged the setting up of an SRO for PSOs. Accordingly, the framework for recognition of SRO for PSOs was released in October 2020. What shall be the role of SRO for PSOs? An SRO is a non-governmental organisation that sets and enforces rules and standards relating to the conduct of member entities in the industry, with the aim of protecting the customer and promoting ethical and professional standards.  The SRO is expected to resolve disputes among its members internally through mutually accepted processes to ensure that members operate in a disciplined environment and even accept penal ...
Post a Comment
Read more

Nomination for demat accounts and mutual fund folios

Securities and Exchange Board of India (SEBI) had revised the guidelines on nomination for demat accounts and mutual fund folios.   Which entities are covered by the guidelines? The following regulated entities (REs) are covered by the guidelines – Asset Management Companies (AMCs) of Mutual Funds (MFs) and their Registrars to an issue and share Transfer Agents (RTAs)  Association of Mutual Funds in India (AMFI)  Recognized Depositories  Registered Depository Participants (DPs) What are the guidelines on nomination facility? Nomination shall be mandatory for single holding and optional for jointly held accounts / folios. However, an investor having single holding / account / folio can opt-out of nomination, either online or through physical / offline mode. In case a joint account / folio becomes single holding, post the demise of holders, either nomination or ‘opt-out’, is mandatory. Investors shall have the option to specify guardians when nominees are minors....
Post a Comment
Read more

Reserve Bank of India Act, 1934 – Part-V – Section 45B to 45JA

The Reserve Bank of India Act, 1934 provides the statutory basis of the functioning of the Reserve Bank of India (RBI). In a series of articles, we will briefly go through the provisions of RBI Act, 1934. This is the fifth article in the series.  Chapter IIIA - Collection and Furnishing of Credit Information Section 45B – Power of Bank to collect credit information RBI may collect credit information from banking companies and furnish it to any banking company in accordance with section 45D. Section 45C – Power to call for returns containing credit information RBI may direct any banking company to submit statements relating to credit information. Section 45D – Procedure for furnishing credit information to banking companies A banking company may apply to RBI to provide credit information. RBI shall furnish the requested credit information without disclosing the names of the banking companies which have submitted the information. RBI may levy fees of up to Rs.25 for furnishing credit...
Post a Comment
Read more

Reserve Bank of India Act, 1934 – Part-I – Preamble and Section 1 to 13

The Reserve Bank of India Act, 1934 provides the statutory basis of the functioning of the Reserve Bank of India (RBI). In a series of articles, we will briefly go through the provisions of RBI Act, 1934. This is the first article in the series. Preamble of the Act RBI to – Regulate the issue of bank notes. Keep reserves for monetary stability in India. Operate currency and credit system of the country to its advantage. The primary objective of the monetary policy is to maintain price stability while keeping in mind the objective of growth. Chapter I – Preliminary Section 1 – Short title, extent and commencement 1(1) – This Act may be called the Reserve Bank of India Act, 1934. 1(2) – The Act extends to whole of India. Chapter II - Incorporation, Capital, Management and Business Section 3 – Establishment and incorporation of Reserve Bank 3(1) – RBI to take over management of the currency from the Central Government. 3(2) – RBI to have perpetual succession, common seal, and shall by...
Post a Comment
Read more

Unified Payment Interface (UPI)

Unified Payment Interface (UPI) is one of the popular methods of digital payments. This article covers the important developments regarding UPI. Unified Payment Interface (UPI) Unified Payment Interface (UPI) is an initiative by National Payments Corporation of India (NPCI) together with Reserve Bank of India (RBI) and Indian Banks Association (IBA). UPI allows linking of multiple bank accounts in a single mobile application for real-time bank-to-bank payments using mobile number, virtual payment address (UPI ID) or by scanning a QR code. Benefits of UPI Single application for accessing different bank accounts. Offers peer-to-peer fund transfer, merchant payments and utility bill payments. Allows payments using mobile number; virtual payment address (UPI ID); scanning QR code; bank account number and IFSC; and Aadhaar number. Secured payment with Two Factor authentication. Funds are transferred in real-time (i.e. immediately). Available round the clock i.e. 24*365. Allows both sending ...
Post a Comment
Read more