RBI Notification

Extension of timeline for non-bank Payment Aggregators: RBI Notification

The Reserve Bank of India recently extended the deadline for the implementation of new rules for payment gateways and for online merchants. RBI stated that it received several representations from the industry seeking additional time for implementing the new rules. Therefore it decided to extend the timeline for non-bank payment aggregators by six months- till 31^st December 2021. In this article, we shall have an overview of the RBI notification in this regard and also look at the rules issued by RBI.

Extension of timeline for non-bank Payment Aggregators: Background of the RBI notification

On March 17, 2020, the Reserve Bank had issued certain guidelines for payment gateways and payment aggregators that barred them from storing customer data and such data on their servers. The guidelines further barred payment aggregators from storing card credentials of customers on their databases or on servers that were accessed by merchants.

However, RBI released another notification on March 31^st, 2021, stating that it received several representations seeking additional time for implementing these instructions as most banks were not ready to implement the new rules. The new rules were set to commence from 1^st July 2021. Therefore the Reserve Bank, as a one-time measure, decided to extend the timeline for non-bank payment aggregators by six months for its implementation. This has been extended with a view to provide the payment system providers and participants to put in place workable solutions such as tokenization.

Meaning of Tokenization-

This aims to improve the safety and security of the payment system. Tokenization^[1] means replacement of actual card details with a unique alternate code called as token. It will be unique for a combination card, token requestor, and identified device.

Instead of using the details of the actual card, this token is used to do card transactions in a contactless mode at point of sale terminals and for quick response code payments.

Analyzing the new rules proposed by the RBI

With the implementation of the new rules, it would mean the next time you transact online, you would be required to go through the complete process of selecting the card type, entering the name as on the card, and entering the card number before you enter your CVV number and OTP to complete a transaction.

Now this means the ease with you used to sail through the transaction process is no more available. This would mean carrying your card physically or memorizing the card credentials to be able to transact at anytime by keying in all necessary details.

Here we need to note the intent and the objective behind this move. The objective of RBI is to strengthen customer safety and security of the transaction due to an increase in fraud cases and hacking. Here the convenience of online payment may become a casualty. Consumers would be required to carry cards which runs the risk of offline theft. The ease of payments caused many to get onboard to the internet bandwagon to order their necessities, especially during lockdown.

However, with the new rules, the convenience is somewhat reduced. Through a few clicks, they have helped in undertaking multiple activities that would not have been possible without stepping out. With the implementation of new guidelines, businesses that completely rely on online payments are left scratching their head as the switch would bring down transaction efficiency and convenience. 

Industry experts also believe that not allowing merchants to store data will not just inconvenience customers but can also disrupt the digital payments ecosystem and cause system fragility issues. Customer internet companies like Flipkart, Amazon, Netflix, Zomato, and Microsoft reached out to the central bank expressing concerns surrounding the impact on customer payment experience if they are not exempted from this new rule.

They had further asked for an extension, but the Reserve bank at that point rejected the merchants demand to defer the rule. Experts stated that in case the new rules are enforced in their current form, customers would experience increased friction in subscription based services which requires companies to store data so that they are able to bill consumers on a recurring basis.

From next year onwards, merchants would ask customers for their card information in every billing cycle which can cause inconvenience to customers and disrupting businesses.

It is worth noting here that customer safety can’t be compromised with, but the rules and regulations should be drafted in a way that doesn’t discard the ease of operations. Here the path to follow should be to introduce robust data security measures and employ mechanisms to keep customers’ data safe.

Conclusion

Now that the Reserve bank has postponed the implementation of new rules for non-bank payment aggregators, which was to kickoff from 1^st July 2021, it would provide some sort of relief for top merchants from the inevitable. Now the implementation of the new rules would be made in 2022.

Read our article:Guidelines mandated by RBI on Regulation of Payment Aggregators