Skip to main content

What are restrictions on storage of actual card data?

Reserve Bank of India (RBI) restricts storage of actual card data [i.e. Card-on-File (CoF)] by non-bank payment aggregators and merchants.

What is Card-on-File (CoF)?

Card-on-file (CoF) is the storing of customer card and payment information by a merchant, i.e. keeping card information “on file”.

What are the guidelines on storage of actual card data [i.e. Card-on-File (CoF)]?

No entity in the card transaction / payment chain, other than the card issuers and / or card networks, shall store Card-on-File (CoF) data, and any such data stored previously shall be purged.

From when are the restrictions on storage of actual card data [i.e. Card-on-File (CoF)] applicable?

Reserve Bank of India (RBI) had periodically extended the deadline for effecting the restriction on storage of actual card data [i.e. Card-on-File (CoF)] from June 30, 2021 to September 30, 2022, taking into account the representations received from the stakeholders.

All entities, except card issuers and card networks, are required to purge the CoF data before October 01, 2022.

What relaxations are allowed for “guest checkout transactions”?

For ease of transition to an alternate system in respect of transactions where cardholders decide to enter the card details manually at the time of undertaking the transaction (commonly referred to as “guest checkout transactions”), the following are permitted as an interim measure –

  • Other than the card issuer and the card network, the merchant or its Payment Aggregator (PA) involved in settlement of such transactions, can save the CoF data for a maximum period of T+4 days (“T” being the transaction date) or till the settlement date, whichever is earlier. This data shall be used only for settlement of such transactions, and must be purged thereafter.
  • For handling other post-transaction activities, acquiring banks can continue to store CoF data until January 31, 2023.


References

Reserve Bank of India. (2020, March 17). 'Guidelines on Regulation of Payment Aggregators and Payment Gateways (Updated as on November 17, 2020)'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11822&Mode=0

Reserve Bank of India. (2021, December 23). 'Restriction on storage of actual card data [i.e. Card-on-File (CoF)]'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12211&Mode=0

Reserve Bank of India. (2022, June 24). 'Restriction on Storage of Actual Card Data [i.e. Card-on-File (CoF)]'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12345&Mode=0

Reserve Bank of India. (2022, July 28). 'Restriction on Storage of Actual Card Data [i.e. Card-on-File (CoF)]'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12363&Mode=0


Follow at - Telegram   Instagram   LinkedIn   Twitter

Labels:

Comments

Post a Comment

Popular Posts

Digital Payments – E-mandate Framework 2026

Reserve Bank of India (RBI) has issued e-mandate framework for digital payments. What is an e-mandate?  A mandate is a standard instruction that a customer provides to his / her issuing bank and other institutions allowing them to automatically debit the mentioned amount from his / her bank account. e-mandate is the electronic version of it. To whom shall the framework be applicable? The framework shall be applicable to Payment System Providers and Payment System Participants. To which transactions shall the framework be applicable? The framework shall be applicable to processing of recurring transactions, domestic or cross-border, using cards / Prepaid Payment Instrument (PPI) / Unified Payments Interface (UPI). What are the guidelines for registration and revocation of e-mandate? A customer desirous of opting for e-mandate facility shall undertake a one-time registration process. The mandate shall be registered only after successful validation of additional factor of authenticati...
Post a Comment
Read more

Utkarsh 2029

Reserve Bank of India (RBI) has published its medium-term strategy framework – Utkarsh 2029, for the period April 2026 to March 2029. Utkarsh RBI had first formulated its medium-term strategy framework, viz. ‘Utkarsh 2022’ for the period 2019-2022 in July 2019, replacing its annual action plans as the latter spanned over a short period, insufficient to pursue strategic objectives.  The strategic framework contained, inter alia, RBI’s Mission, Core Purpose, Values and Vision Statements, reiterating RBI’s commitment to the Nation. It became a medium-term strategy document guiding RBI’s progress towards realisation of the identified milestones. The subsequent strategy framework, i.e., ‘Utkarsh 2.0’, spanned the period 2023-25. Utkarsh 2029  Utkarsh 2029 is the medium-term strategy framework for the period April 2026 to March 2029. Utkarsh 2029 has a 3-layered structure consisting of strategy pillars guided by the vision and values of RBI. Vision of Utkarsh 2029 – Continue excelle...
Post a Comment
Read more

Credit Information Reporting

Reserve Bank of India (RBI) had issued directions on credit information reporting by the regulated entities. What are Credit Information Companies (CICs)? Credit Information Companies (CICs) mean companies that have been granted a certificate of registration by RBI under section 5 of the Credit Information Companies (Regulations) Act, 2005 (CICRA).  The following CICs are registered with RBI – CRIF High Mark Credit Information Services Private Limited Equifax Credit Information Services Private Limited Experian Credit Information Company of India Private Limited TransUnion CIBIL Limited What are Credit Institutions (CIs)? Credit Institutions (CIs) mean the following institutions – Commercial Banks  Small Finance Banks (SFBs) Local Area Banks (LABs) Regional Rural Banks (RRBs) Primary (Urban) Co-operative Banks (UCBs) Rural Co-operative Banks – State Co-operative Banks (StCBs) Central Co-operative Banks (CCBs) All India Financial Institutions (AIFIs) regulated by RBI – Export I...
Post a Comment
Read more

Treatment of Wilful Defaulters and Large Defaulters

Reserve Bank of India (RBI) had issued the directions on treatment of wilful defaulters and large defaulters. To whom shall the directions be applicable? The directions shall be applicable to the following Regulated Entities (REs) – Commercial Banks  Small Finance Banks (SFBs) Local Area Banks (LABs) Regional Rural Banks (RRBs) Primary (Urban) Co-operative Banks (UCBs) Rural Co-operative Banks – State Co-operative Banks (StCBs) Central Co-operative Banks (CCBs) All India Financial Institutions (AIFIs) regulated by RBI – Export Import Bank of India (EXIM Bank) National Bank for Agriculture and Rural Development (NABARD) National Housing Bank (NHB) Small Industries Development Bank of India (SIDBI) National Bank for Financing Infrastructure and Development (NaBFID) Non-Banking Financial Companies (NBFCs) categorized as Middle Layer and above layers – Deposit taking NBFC (NBFC-D) NBFC-Investment and Credit Companies (NBFC-ICC) NBFC-Factor  NBFC-Micro Finance Institutions (NBFC-MF...
Post a Comment
Read more

Guidelines to facilitate faster cross-border inward payments

Reserve Bank of India (RBI) has issued guidelines to facilitate faster cross-border inward payments. What is the rationale behind the guidelines? The RBI’s Payments Vision 2025 aims to bring efficiency in the cross-border payments aligning with the G20 roadmap for cross-border payments that has set targets for achieving cheaper, faster, more transparent, and more accessible cross-border payments. One of the challenges with speed of cross-border payments is experienced at the beneficiary leg i.e., the time taken from receipt of the payment at the beneficiary bank till credit to the beneficiary account. What are the guidelines to facilitate faster cross-border inward payments? Banks shall inform their customer of the receipt of cross-border inward transactions immediately on receipt of inward message. Messages received after close of operating hours of banks shall be informed to customer immediately at the start of the next business day. Banks shall undertake reconciliation and confirmat...
1 comment
Read more