Skip to main content

What are restrictions on storage of actual card data?

Reserve Bank of India (RBI) restricts storage of actual card data [i.e. Card-on-File (CoF)] by non-bank payment aggregators and merchants.

What is Card-on-File (CoF)?

Card-on-file (CoF) is the storing of customer card and payment information by a merchant, i.e. keeping card information “on file”.

What are the guidelines on storage of actual card data [i.e. Card-on-File (CoF)]?

No entity in the card transaction / payment chain, other than the card issuers and / or card networks, shall store Card-on-File (CoF) data, and any such data stored previously shall be purged.

From when are the restrictions on storage of actual card data [i.e. Card-on-File (CoF)] applicable?

Reserve Bank of India (RBI) had periodically extended the deadline for effecting the restriction on storage of actual card data [i.e. Card-on-File (CoF)] from June 30, 2021 to September 30, 2022, taking into account the representations received from the stakeholders.

All entities, except card issuers and card networks, are required to purge the CoF data before October 01, 2022.

What relaxations are allowed for “guest checkout transactions”?

For ease of transition to an alternate system in respect of transactions where cardholders decide to enter the card details manually at the time of undertaking the transaction (commonly referred to as “guest checkout transactions”), the following are permitted as an interim measure –

  • Other than the card issuer and the card network, the merchant or its Payment Aggregator (PA) involved in settlement of such transactions, can save the CoF data for a maximum period of T+4 days (“T” being the transaction date) or till the settlement date, whichever is earlier. This data shall be used only for settlement of such transactions, and must be purged thereafter.
  • For handling other post-transaction activities, acquiring banks can continue to store CoF data until January 31, 2023.


References

Reserve Bank of India. (2020, March 17). 'Guidelines on Regulation of Payment Aggregators and Payment Gateways (Updated as on November 17, 2020)'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11822&Mode=0

Reserve Bank of India. (2021, December 23). 'Restriction on storage of actual card data [i.e. Card-on-File (CoF)]'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12211&Mode=0

Reserve Bank of India. (2022, June 24). 'Restriction on Storage of Actual Card Data [i.e. Card-on-File (CoF)]'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12345&Mode=0

Reserve Bank of India. (2022, July 28). 'Restriction on Storage of Actual Card Data [i.e. Card-on-File (CoF)]'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12363&Mode=0


Follow at - Telegram   Instagram   LinkedIn   Twitter

Labels:

Comments

Post a Comment

Popular Posts

Export and Import of Goods and Services

Reserve Bank of India (RBI) has issued regulations on export and import of goods and services. What are the regulations for declaration of exports? An exporter of goods shall furnish to the specified authority, a declaration in the Export Declaration Form (EDF) specifying the amount representing the full export value of goods, at the time of export. EDF will be deemed to be submitted as part of shipping bill for goods exported through Electronic Data Interchange (EDI) port. An exporter of services shall furnish to the specified authority, a declaration in EDF specifying the amount representing the full export value of services, within 30 days from the end of month in which invoice for services has been raised. The exporter of services who has exported services to one or more recipients in a month, may submit a single EDF for all such exports. The exporter of services other than software, may submit an EDF on or before the date of receipt of payment. In the case of a non-EDI port for ex...
Post a Comment
Read more

Digital Payments Awareness Week 2026

Reserve Bank of India (RBI) is observing digital payments awareness week from March 09 to 15, 2026. Digital Payments Awareness Week (DPAW) Digital Payments Awareness Week (DPAW) is an initiative to highlight the impact and importance of digital payments and to create awareness about safe usage of digital payment products.  Digital Payments Awareness Week (DPAW) 2026 Reserve Bank of India (RBI) is observing DPAW 2026 from March 09 to 15, 2026.  Under the mission ‘Har Payment Digital’, the theme for the current year is ‘Thoda Dhyan Se’ (be alert/ be careful). The theme emphasises the safe use of digital payments. ‘Har Payment Digital’ mission RBI had launched the mission ‘Har Payment Digital’ on the occasion of the DPAW 2023. This is part of RBI’s endeavour to make every person in India a user of digital payments. Previous Digital Payments Awareness Weeks (DPAWs) Year Theme 2025 ‘India Pays Digitally’ under the mission ‘Har Payment Digital’ ...
Post a Comment
Read more

FEMA - Regulations on Guarantees

Reserve Bank of India (RBI) had issued regulations governing guarantees under the Foreign Exchange Management Act, 1999 (FEMA). What is a guarantee? A guarantee, including a counter-guarantee, means a contract, by whatever name called, to perform the promise, or discharge a debt, obligation or other liability (including a portfolio of debts, obligations or other liabilities), in the event of default by the principal debtor. Who are the participants in a guarantee transaction? Principal debtor – a person in respect of whose default the guarantee is given. Surety – a person who gives a guarantee. Creditor – a person to whom the guarantee is given. When can a person resident in India act as surety / principal debtor? A person resident in India may act as a surety / principal debtor for a guarantee, subject to conditions that – The underlying transaction for which the guarantee is being given or arranged is not prohibited under FEMA guidelines. The surety and the principal debtor are eligi...
Post a Comment
Read more

Priority Sector Lending (PSL) guidelines (updated as on January 19, 2026)

Reserve Bank of India (RBI) has issued the revised guidelines on Priority Sector Lending (PSL) which has come into effect from April 01, 2025.  To whom does Priority Sector Lending (PSL) guidelines apply? Priority Sector Lending (PSL) guidelines apply to – Commercial Bank [including Regional Rural Bank (RRB), Small Finance Bank (SFB), Local Area Bank (LAB)] Primary (Urban) Co-operative Bank (UCB) other than Salary Earners’ Bank  What are the categories under PSL? The categories under priority sector are as follows – Agriculture Micro, Small and Medium Enterprises Export Credit Education Housing Social Infrastructure Renewable Energy Others What are the PSL targets for banks? The targets and sub-targets set under PSL, to be computed on the basis of the Adjusted Net Bank Credit (ANBC) / Credit Equivalent of Off-Balance Sheet Exposures (CEOBSE) as applicable as on the corresponding date of the preceding year are as below – Categories Total Priority Sector ...
Post a Comment
Read more

Unique Transaction Identifier (UTI) for OTC Derivative Transactions

Reserve Bank of India (RBI) has issued directions on Unique Transaction Identifier (UTI) for over-the-counter (OTC) derivative transactions. What are the existing norms for reporting of OTC derivative transactions? At present, all transactions in OTC markets for rupee interest rate derivatives, forward contracts in Government securities, foreign currency derivatives, foreign currency interest rate derivatives, and credit derivatives are reported to the Trade Repository managed by Clearing Corporation of India Limited (CCIL-TR).  What are the directions on Unique Transaction Identifier (UTI) for OTC derivative transactions? Unique Transaction Identifier (UTI), a unique identifier assigned to an OTC derivative transaction, shall be generated / reported for all transactions in OTC derivatives market.  The directions shall be applicable to OTC derivative transactions entered into on or after January 01, 2027. UTI shall be generated in accordance with the UTI Technical Guidanc...
Post a Comment
Read more