Memorising your 16-digit debit or credit card number may have to be at the top of your resolutions for 2022, if the digital payments ecosystem starts the year under-prepared.
Less than a fortnight before the January 1 rollout, banks, card networks such as Visa, Mastercard and RuPay, and payment gateways are yet to fully integrate the new Card on File Tokenisation (CoFT) payment method. While there is partial preparedness, no part of the payments ecosystem has told the Reserve Bank of India (RBI) that more time is required for a non-disruptive implementation.
CoFT refers to the replacement of actual card details with a code called a ‘token’, which will be unique for every debit or credit card and merchant platform where the card is being used.
Moneycontrol has learnt from industry sources that while card networks and payment service providers are ready with the technology to convert card details into tokens, integration of existing systems to use those tokens to execute transactions is still ongoing. India’s vast customer base, too, needs more time to learn about tokenisation and consent to the method.
Second disruption in months
If things don’t go smoothly, January will see the industry suffer a second major disruption just months after the Central Bank’s recurring payment norms led to failed subscriptions and revenue losses for small businesses.
In case any part of the ecosystem is not fully prepared for tokenisation, the impact will be far-fetched, even larger than the recurring payments disruption. That is mainly because recurring payments make up only 3 percent of all payments in India, while tokenisation impacts all online payments.
Any failed payments will result in a revenue loss for players across the ecosystem as well as customers.
The RBI is currently holding discussions with card networks and banks to get an update on the status of implementation. However, none of the ecosystem players have explicitly sought an extension yet.
“The elephant in the room is who will bell the cat to say an extension is needed. Whoever has said they are ready, they can only be as ready as the banks or the card networks are,” said a payment ecosystem executive.
Meetings are set to be held in the coming weeks as well between card networks, banks and the RBI. What representations are made by networks and banks in these meetings will be crucial in deciding the industry’s stance ahead of the deadline, the executive added.
Largely, the industry is known to have hinted that an extension would be helpful to avoid large-scale disruption.
Moneycontrol reached out to Visa, Mastercard and RuPay with queries. The companies were yet to respond at the time of publishing this story.
What is tokenisation?
CoFT replaces card details with a ‘token’, which will be unique for every debit or credit card and merchant platform where the card is used.
In a bid to increase customer safety and prevent fraud, RBI guidelines for payment aggregators (PA) and payment gateways (PG) state that PAs and merchants shall not store card credentials of customers in their database starting January 1, 2022.
In the absence of an alternative such as CoF Tokenisation, customers who wish to use their credit or debit cards will have to enter their details afresh for each transaction, including their 16-digit card number, card expiry date and card verification value (CVV).
Work that is yet to be done
Beyond PGs and card networks creating tokens, work needs to be completed on two more fronts. One is integrating multiple internal systems for various kinds of payments, including EMIs and recurring payments, to tokenisation. The other is customer education.
All card networks as well as major payment service providers such as Razorpay, PayU, PhonePe and Juspay are ready with their tokenisation products.
“Processes are still mostly prepared for basic online transactions. But systems that banks use to process their transactions are being geared up for the tokenisation environment,” the source cited earlier said.
While major merchants are already prompting customers to tokenise their cards, many smaller merchants and PGs, too, are yet to be fully integrated into the system.
“Major players are geared up as far as the tech infrastructure is concerned. Many major banks have also implemented their PGs. But the last mile, i.e., big PGs extending it to their merchants and banks with smaller PGs, that is still underway,” added another fintech executive.
Customer education will give customers the confidence to give their consent before the deadline to replace their card details with tokens.
“The worry is that customers have not been given enough time to tokenise or even understand what it means. Most merchants started prompting customers only recently,” said a third person aware of the developments.
What to expect
With gaps yet to be filled, the industry expects initial disruptions, and a short-term revenue loss as customers may switch to cash payments while they come to terms with the sea change in a process that has been around for years.
However, there is no clarity on whether RBI will consider another extension since the deadline has already been extended from March 31, 2021.
“It is highly unlikely at this point that another extension will be given. From what we saw with recurring payments, the RBI may not prolong the implementation after having given enough time,” said the source cited above.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
