Bom. HC: Govt’s Amendment Exempting Private Schools from RTE Quota If Govt-Run School Nearby, Stayed  ||  Del. HC: Apart from ‘Good and Bad Touch’ Children Need to be Taught About ‘Virtual Touch’  ||  SC: Minimum 1/3rd Women's Reservation in SCBA Posts is on Experimental Basis  ||  SC: Can Apply Doctrine of ‘Lis Pendens’ Even if Section 52 of TPA Inapplicable in a State  ||  SC: Can Apply Doctrine of ‘Lis Pendens’ Even if Section 52 of TPA Inapplicable in a State  ||  Del HC: Accused’s Mobile Having Photos of Osama Bin Laden Not Enough to Label Him as ISIS Member  ||  Supreme Court: Constitutionality of Minimum Mark Criteria for Interview Upheld  ||  All HC: Municipal Corp. to Ensure Availability of Clean Drinking Water to Residents of Lucknow  ||  Bom. HC: Bail Granted to Accused Who Wasn’t Produced Before Court on Seventy Previous Dates  ||  Delhi HC Seeks Explan. from Legal Services Committee on Failure to Assist Litigant Despite Requests    

Restriction on Storage of Actual Card Data [i.e. Card-on-File]- (Reserve Bank of India) (28 Jul 2022)

MANU/RMIC/0131/2022

Banking

1. Reference is invited to Reserve Bank of India (RBI) circulars DPSS.CO.PD.No.1810/02.14.008/2019-20 dated March 17, 2020 and CO.DPSS.POLC.No.S33/02-14-008/2020-2021 dated March 31, 2021 on "Guidelines on Regulation of Payment Aggregators and Payment Gateways", circular CO.DPSS.POLC.No.S-516/02-14-003/2021-22 dated September 07, 2021 on "Tokenisation - Card Transactions: Permitting Card-on-File Tokenisation (CoFT) Services" and, circulars CO.DPSS.POLC.No.S-1211/02-14-003/2021-22 dated December 23, 2021 and CO.DPSS.POLC.No.S-567/02-14-003/2022-23 dated June 24, 2022 on "Restriction on Storage of Actual Card Data [i.e. Card-on-File (CoF)]".

2. In terms of the above circulars, with effect from October 1, 2022, no entity in the card transaction / payment chain, other than the card issuers and / or card networks, shall store CoF data, and any such data stored previously shall be purged.

3. On a review of the issues involved and after detailed discussions thereon with all stakeholders, as also keeping in view that sufficient time has elapsed since the requirements were specified, the following are advised -

a) There shall be no change in the effective date of implementation of the requirements - all entities, except card issuers and card networks, shall purge the CoF data before October 1, 2022.

b) For ease of transition to an alternate system in respect of transactions where cardholders decide to enter the card details manually at the time of undertaking the transaction (commonly referred to as "guest checkout transactions"), the following are being permitted as an interim measure -

i) Other than the card issuer and the card network, the merchant or its Payment Aggregator (PA) involved in settlement of such transactions, can save the CoF data for a maximum period of T+4 days ("T" being the transaction date) or till the settlement date, whichever is earlier. This data shall be used only for settlement of such transactions, and must be purged thereafter.

ii) For handling other post-transaction activities, acquiring banks can continue to store CoF data until January 31, 2023.

4. Appropriate penal action, including imposition of business restrictions, shall be considered by the RBI in case of any non-compliance.

5. This directive is issued under Section 10(2) read with Section 18 of the Payment and Settlement Systems Act, 2007 (Act 51 of 2007).

Tags : RESTRICTION   STORAGE   ACTUAL CARD DATA  

Share :        

Disclaimer | Copyright 2024 - All Rights Reserved