Skip to main content

What are restrictions on storage of actual card data?

Reserve Bank of India (RBI) restricts storage of actual card data [i.e. Card-on-File (CoF)] by non-bank payment aggregators and merchants.

What is Card-on-File (CoF)?

Card-on-file (CoF) is the storing of customer card and payment information by a merchant, i.e. keeping card information “on file”.

What are the guidelines on storage of actual card data [i.e. Card-on-File (CoF)]?

No entity in the card transaction / payment chain, other than the card issuers and / or card networks, shall store Card-on-File (CoF) data, and any such data stored previously shall be purged.

From when are the restrictions on storage of actual card data [i.e. Card-on-File (CoF)] applicable?

Reserve Bank of India (RBI) had periodically extended the deadline for effecting the restriction on storage of actual card data [i.e. Card-on-File (CoF)] from June 30, 2021 to September 30, 2022, taking into account the representations received from the stakeholders.

All entities, except card issuers and card networks, are required to purge the CoF data before October 01, 2022.

What relaxations are allowed for “guest checkout transactions”?

For ease of transition to an alternate system in respect of transactions where cardholders decide to enter the card details manually at the time of undertaking the transaction (commonly referred to as “guest checkout transactions”), the following are permitted as an interim measure –

  • Other than the card issuer and the card network, the merchant or its Payment Aggregator (PA) involved in settlement of such transactions, can save the CoF data for a maximum period of T+4 days (“T” being the transaction date) or till the settlement date, whichever is earlier. This data shall be used only for settlement of such transactions, and must be purged thereafter.
  • For handling other post-transaction activities, acquiring banks can continue to store CoF data until January 31, 2023.


References

Reserve Bank of India. (2020, March 17). 'Guidelines on Regulation of Payment Aggregators and Payment Gateways (Updated as on November 17, 2020)'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11822&Mode=0

Reserve Bank of India. (2021, December 23). 'Restriction on storage of actual card data [i.e. Card-on-File (CoF)]'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12211&Mode=0

Reserve Bank of India. (2022, June 24). 'Restriction on Storage of Actual Card Data [i.e. Card-on-File (CoF)]'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12345&Mode=0

Reserve Bank of India. (2022, July 28). 'Restriction on Storage of Actual Card Data [i.e. Card-on-File (CoF)]'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12363&Mode=0


Follow at - Telegram   Instagram   LinkedIn   Twitter

Labels:

Comments

Post a Comment

Popular Posts

Credit Facilities – Digital Lending Guidelines

Reserve Bank of India (RBI) has issued directions on credit facilities offered by various regulated entities. This article summarises the directions applicable to digital lending. To whom are the directions applicable? The directions are applicable to the following Regulated Entities (REs) – Commercial Banks  Small Finance Banks (SFBs) Local Area Banks (LABs) Regional Rural Banks (RRBs) Primary (Urban) Co-operative Banks (UCBs) Rural Co-operative Banks – State Co-operative Banks (StCBs) Central Co-operative Banks (CCBs) All India Financial Institutions (AIFIs) regulated by RBI – Export Import Bank of India (EXIM Bank) National Bank for Agriculture and Rural Development (NABARD) National Housing Bank (NHB) Small Industries Development Bank of India (SIDBI) National Bank for Financing Infrastructure and Development (NaBFID) Non-Banking Financial Companies (NBFCs) for all layers – Deposit taking NBFC (NBFC-D) NBFC-Investment and Credit Companies (NBFC-ICC) NBFC-Factor  NBFC-Micro...
Post a Comment
Read more

Credit Facilities – Lending against Gold and Silver Collateral

Reserve Bank of India (RBI) has issued directions on credit facilities offered by various regulated entities. This article summarises the directions applicable to lending against gold and silver collateral. To whom are the directions applicable? The directions are applicable to the following Regulated Entities (REs) – Commercial Banks  Small Finance Banks (SFBs) Local Area Banks (LABs) Regional Rural Banks (RRBs) Primary (Urban) Co-operative Banks (UCBs) Rural Co-operative Banks – State Co-operative Banks (StCBs) Central Co-operative Banks (CCBs) Non-Banking Financial Companies (NBFCs) for all layers – Deposit taking NBFC (NBFC-D) NBFC-Investment and Credit Companies (NBFC-ICC) NBFC-Factor  NBFC-Micro Finance Institutions (NBFC-MFI)  NBFC-Infrastructure Finance Company (NBFC-IFC)  Infrastructure Debt Fund-NBFC (IDF-NBFC)  Housing Finance Company (HFC)  To whom are the directions partially applicable? The prudential regulations are not applicable to ‘NBFCs-B...
Post a Comment
Read more

Credit Facilities – Finance to Non-Banking Financial Companies (NBFCs)

Reserve Bank of India (RBI) has issued directions on credit facilities offered by various regulated entities. This article summarises the directions applicable in respect of finance to Non-Banking Financial Companies (NBFCs). To whom are the directions applicable? The directions are applicable to the following Regulated Entities (REs) – Commercial Banks  Small Finance Banks (SFBs) Primary (Urban) Co-operative Banks (UCBs) All India Financial Institutions (AIFIs) regulated by RBI – Export Import Bank of India (EXIM Bank) National Bank for Agriculture and Rural Development (NABARD) National Housing Bank (NHB) Small Industries Development Bank of India (SIDBI) National Bank for Financing Infrastructure and Development (NaBFID) What are the conditions on finance to NBFCs? Commercial Banks and SFBs The bank shall extend need based working capital facilities as well as term loans to NBFCs registered with the RBI and engaged in infrastructure financing, equipment leasing, hire-purchase, l...
Post a Comment
Read more

Guidelines on Money Changing Activities (Updated as on May 06, 2026)

Reserve Bank of India (RBI) has updated the guidelines on money changing activities. What are the guidelines for appointment of agents / franchisee? RBI had permitted Authorised Dealers (ADs) Category - I, ADs Category - II and Full Fledged Money Changers (FFMCs) to enter into agency or franchisee agreements at their option for the purpose of carrying restricted money changing business i.e. conversion of foreign currency notes, coins or travellers' cheques into Indian Rupees (INR).  A franchisee can be any entity which has a place of business and a minimum Net Owned Funds of ₹10 lakh.  Franchisees can undertake only restricted money changing business. Franchisees of AD Category - I / AD Category - II / FFMCs functioning within 10 kms from the borders of Pakistan and Bangladesh may also sell the currency of the bordering country, with the prior approval of RBI.  Other franchisees of AD Category - I / AD Category - II / FFMCs cannot sell foreign currency. An authorised pers...
Post a Comment
Read more

Regulations for Authorised Persons

Reserve Bank of India (RBI) has issued a revised framework for authorisation of any person as an Authorised Person under the Foreign Exchange Management Act (FEMA), 1999. Who can act as an Authorised Person? No person shall act as an authorised person without obtaining an authorisation from the RBI. A person seeking authorisation as an authorised person may apply to the RBI through the PRAVAAH portal (https://pravaah.rbi.org.in) to the regional office concerned of the RBI under whose jurisdiction the registered office of the applicant is established. RBI shall consider applications for fresh authorisation under 3 categories, namely, Authorised Dealer (AD) Category-I, AD Category-II and AD Category-III. Which entities are eligible to act as an Authorised Person? Category Eligible entities AD Category-I A bank licensed by the RBI. AD Category-II A bank licensed by the RBI or a Non-Banking Financial Company (NBFC) registered with the RB...
Post a Comment
Read more