Moneycontrol PRO
Upcoming Webinar:Watch a panel of experts discuss: Challenges of continuously evolving regulation for Cryptocurrency, on 7th July at 3pm. Register Now

Indian Banks Association writes to RBI, seeks extension for tokenisation deadline

The regulator is yet to respond to requests of an extension by the IBA and banks. With just 10 days to go for the deadline, bankers are worried that online payments will witness major disruption if an extension is not granted.

December 21, 2021 / 12:16 PM IST

With just 10 days to implement tokenisation, banks are worried that there will be a huge disruption across online payments platforms during the new year, unless the Reserve Bank of India (RBI) considers their request to extend the deadline.

The apex banking body Indian Banks Association (IBA) and banks individually have made representations to the RBI to extend the deadline for implementing tokenisation of credit and debit cards, sources told Moneycontrol.

"Every bank has been writing individually to the RBI. IBA has written to them too. If the whole ecosystem has to implement tokenisation at the same time, it will be chaos. It has to be a gradual and step-by-step process," a banker said requesting anonymity.

Explained | What Is Tokenisation & How Will It Benefit Credit Card Holders?

Banks believe that more time is required to fill gaps in the last-mile preparedness of the ecosystem and ensure that all customers are aware of the process. However, the regulator is yet to respond to the IBA and banks on whether it is open to extending the deadline or not.


"RBI has done multiple consultations. Now we are just waiting for their response. We are hoping that we should get some response from the RBI by the last week of December," he added.

Moneycontrol had reported earlier that the last mile, i.e., small payment gateways (PGs) and merchants are yet to fully implement the framework. Meanwhile, card networks RuPay, Visa and Mastercard and large payment gateways have said that they are ready with the infrastructure to convert cards into tokens.

Another source from the banking industry said, "The IBA has highlighted in its representations to the RBI that preparedness of small merchants and lack of customer awareness are the key reasons why an extension will be needed."


Online platforms like Zomato, Uber etc started prompting their users a while ago to give consent to tokenise their credit and debit cards.

"Bigger merchants have the tech infrastructure and teams to execute this. But smaller merchants will take more time," the source added.

Concerns around integrating internal systems of banks to the framework and implementations for use cases like Buy Now Pay Later (BNPL) are also worrying banks, the banker said.

Since the card data will be encrypted and only a token number will represent the cards, banks and fintechs will not know when the customer's credit or debt card expires. Without that information, they will be exposed to the risk of defaults if the amount cannot be debited for expired cards at the end of the credit tenure.

This dates back to March 2020 when the RBI first released guidelines for payment gateways and payment aggregators (PAs) which state that PAs and merchants shall not store card credentials of customers in their database starting January 1, 2022. RBI has already extended the deadline once from March 31, 2021 to December.

In the absence of an alternative such as CoF Tokenisation, customers who wish to use their credit or debit cards will have to enter their details afresh for each transaction, including their 16-digit card number, card expiry date and card verification value (CVV).
Priyanka Iyer
first published: Dec 21, 2021 12:11 pm
ISO 27001 - BSI Assurance Mark