Skip to main content

What are restrictions on storage of actual card data?

Reserve Bank of India (RBI) restricts storage of actual card data [i.e. Card-on-File (CoF)] by non-bank payment aggregators and merchants.

What is Card-on-File (CoF)?

Card-on-file (CoF) is the storing of customer card and payment information by a merchant, i.e. keeping card information “on file”.

What are the guidelines on storage of actual card data [i.e. Card-on-File (CoF)]?

No entity in the card transaction / payment chain, other than the card issuers and / or card networks, shall store Card-on-File (CoF) data, and any such data stored previously shall be purged.

From when are the restrictions on storage of actual card data [i.e. Card-on-File (CoF)] applicable?

Reserve Bank of India (RBI) had periodically extended the deadline for effecting the restriction on storage of actual card data [i.e. Card-on-File (CoF)] from June 30, 2021 to September 30, 2022, taking into account the representations received from the stakeholders.

All entities, except card issuers and card networks, are required to purge the CoF data before October 01, 2022.

What relaxations are allowed for “guest checkout transactions”?

For ease of transition to an alternate system in respect of transactions where cardholders decide to enter the card details manually at the time of undertaking the transaction (commonly referred to as “guest checkout transactions”), the following are permitted as an interim measure –

  • Other than the card issuer and the card network, the merchant or its Payment Aggregator (PA) involved in settlement of such transactions, can save the CoF data for a maximum period of T+4 days (“T” being the transaction date) or till the settlement date, whichever is earlier. This data shall be used only for settlement of such transactions, and must be purged thereafter.
  • For handling other post-transaction activities, acquiring banks can continue to store CoF data until January 31, 2023.


References

Reserve Bank of India. (2020, March 17). 'Guidelines on Regulation of Payment Aggregators and Payment Gateways (Updated as on November 17, 2020)'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11822&Mode=0

Reserve Bank of India. (2021, December 23). 'Restriction on storage of actual card data [i.e. Card-on-File (CoF)]'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12211&Mode=0

Reserve Bank of India. (2022, June 24). 'Restriction on Storage of Actual Card Data [i.e. Card-on-File (CoF)]'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12345&Mode=0

Reserve Bank of India. (2022, July 28). 'Restriction on Storage of Actual Card Data [i.e. Card-on-File (CoF)]'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12363&Mode=0


Follow at - Telegram   Instagram   LinkedIn   Twitter

Comments

Popular Posts

Highlights of RBI Annual Report 2023-24 – Chapter 7 to 12

Reserve Bank of India (RBI) has published its annual report for the financial year 2023-24. In a series of articles, we will go through the highlights of the report. This is the fifth and last article in the series.  Chapter 7 – Public Debt Management Ways And Means Advances (WMA) limit for the Government of India (GoI) for H1:2023-24 (April to September 2023) was fixed at ₹1,50,000 crore and for H2:2023-24 (October 2023 to March 2024) was fixed at ₹50,000 crore. RBI issued an ultra-long security of 50-year tenor aggregating ₹30,000 crore to cater to the growing needs of long-term institutional players. Issuance of Sovereign Green Bonds (SGrBs) for an aggregate amount of ₹20,000 crore included maiden issuance of 30-year (₹10,000 crore) SGrB in addition to 5-year (₹5,000 crore) and 10-year (₹5,000 crore) SGrBs. A new 3-year benchmark security was introduced as part of government market borrowing programme during H1:2023-24.  The basket of products offered through the ‘Retail ...

RBI’s Monetary Policy (August 06, 2025): In A Nutshell

The bi-monthly monetary policy of Reserve Bank of India (RBI) was announced on August 06, 2025. Here are some of the highlights of the monetary policy announcement. Rates   Change Rate Policy repo rate Unchanged 5.50% Standing deposit facility (SDF) rate 5.25% Marginal standing facility (MSF) rate 5.75% Bank rate 5.75% Monetary policy stance Monetary policy stance unchanged as ‘neutral’. Domestic Economy  Real GDP growth for 2025-26 is projected at 6.5%. CPI headline inflation declined for the eighth consecutive month to a 77-month low (since January 2019) of 2.1% in June, driven primarily by a sharp decline in food inflation. Food inflation recorded its first negative print since February 2019 at (-) 0.2% in June. CPI inflation for 2025-26 is projected at 3.1%. India’s current account deficit (CAD) moderated to 0.6% of GDP in 2024-25 from 0.7% of GDP in 2023-24 due to robust services exports and strong remittances receipts despite higher merchandise trade deficit. As on Augus...

Non-Fund Based Credit Facilities

Reserve Bank of India (RBI) has issued directions on non-fund based credit facilities. To whom shall the directions be applicable? The directions shall apply to the following Regulated Entities (REs) for all their Non-Fund Based (NFB) exposures such as guarantee, letter of credit, co-acceptance etc. Commercial Banks (including Regional Rural Banks and Local Area Banks) Primary (Urban) Co-operative Banks (UCBs) / State Co-operative Banks (StCBs) / Central Co-operative Banks (CCBs) All India Financial Institutions (AIFIs) Non-Banking Financial Companies (NBFCs) including Housing Finance Companies (HFCs) in Middle Layer and above, only for the issuance of Partial Credit Enhancement. The directions shall not apply to the derivative exposures of a RE. Which NFB facilities are permitted to be issued by RE? RE shall issue a NFB facility only on behalf of a customer having funded credit facility from the RE. However, this shall not be applicable in respect of – Derivative contracts entered int...

Co-Lending Arrangements (CLAs)

Reserve Bank of India (RBI) has issued directions on co-lending arrangements which will replace the existing guidelines on co-lending by banks and Non-Banking Financial Companies (NBFCs) to priority sector. What is Co-Lending Arrangement (CLA)? Co-Lending Arrangement (CLA) refers to an arrangement, formalised through an ex-ante agreement, between a regulated entity (RE) which is originating the loans (‘originating RE’) and another RE which is co-lending (‘partner RE’), to jointly fund a portfolio of loans, comprising of either secured or unsecured loans, in a pre-agreed proportion, involving revenue and risk sharing. To whom shall the directions be applicable? The directions shall be applicable to CLAs entered into by the following REs – Commercial Banks (excluding Small Finance Banks, Local Area Banks and Regional Rural Banks) All-India Financial Institutions Non-Banking Financial Companies (including Housing Finance Companies) Which lending arrangements are exempt from the applicabil...

Investment in Alternative Investment Funds (AIFs)

Reserve Bank of India (RBI) has issued directions for investment in Alternative Investment Funds (AIFs) which will replace the existing guidelines . To whom shall the directions be applicable? The directions shall be applicable to investments by the following regulated entities (REs) in units of AIF Schemes – Commercial Banks (including Small Finance Banks, Local Area Banks and Regional Rural Banks) Primary (Urban) Co-operative Banks / State Co-operative Banks / Central Co-operative Banks All-India Financial Institutions Non-Banking Financial Companies (including Housing Finance Companies) What shall be the limits for investment in AIF schemes? No RE shall individually contribute more than 10% of the corpus of an AIF Scheme. Collective contribution by all REs in any AIF Scheme shall not be more than 20% of the corpus of that scheme. Outstanding investments or commitments of a RE, made with prior approval from RBI under the provisions of Master Direction – Reserve Bank of India (Financi...