Home / Advisory / From 01 July 2022, the way you use your Banking Debit Card and Credit Card will change: Reserve Bank of India issues Guidelines for Tokenisation, Storing Customer Card Data by Merchants, and many more…….

From 01 July 2022, the way you use your Banking Debit Card and Credit Card will change: Reserve Bank of India issues Guidelines for Tokenisation, Storing Customer Card Data by Merchants, and many more…….

Posted on
Cyber Secure India

The Reserve Bank of India, in a bid to enhance customer safety, have come out with master directions on issuance and operation of credit and debit cards, with a host of cautions and technology changes. The provisions relating to this has been notified under the Reserve Bank of India (Credit Card and Debit Card – Issuance and Conduct) Directions, 2022. These new provisions will be effective from 01 July 2022 and will be applicable to all Scheduled Bank (excluding Payments Banks, State Co-operative Banks and District Central Co-operative Banks) and all Non-Banking Financial Companies (NBFCs) operating in India.

Merchants/Aggregators barred from storing Customer Card Data in their servers: Online/eCommerce Merchants (like Amazon, Flipkart, Swiggy, etc) and many other Payment Aggregators (like Razorpay, PayU, BillDesk, etc) were providing an option to Banking Card users, to store the Card Details other than the CVV Number, for future use; thereby providing convenience to the consumers. Further, the supplied card details were stored by merchants/aggregators on their local server. Hence, if their security measures were inadequate (or if the stored server is compromised), the customer was at risk. There have been several instances in the past where merchant websites have been hacked and debit and credit card details have been leaked. Now, RBI will not allow such storage and re-use of this vital customer data by merchants/consumers. “This now implies that either the customer will have to enter their card details every time they make an online purchase OR merchants and payment aggregators adopt an alternative technology that allows them to store tokenised versions of the card details.”, as per the new RBI guidelines. Also, this will come into effect from 01 July 2022. But, here again, either of the options is not an easy run-through and it is expected that the new system adaptation will have its own challenges and implementation aspect.

(The RBI on June 24 extended the deadline for card data storage and tokenisation implementation by three months upto 30 September 2022)

No Unsolicited Credit Card: The Credit Card-issuers in India, were issuing Cards with very few Checks and Balances. As a result, the market is now flooded with unsolicited credit cards. In the RBIs New Notification and in specific its new credit card rules; “In case, an unsolicited card is issued/existing card upgraded and activated without the explicit consent of the recipient and the latter is billed for the same, the card-issuer shall not only reverse the charges forthwith, but also pay a penalty without demur to the recipient amounting to twice the value of the charges reversed,” it said.

Non-Closure of Credit Card to Attract Hefty Penalty: Credit Card-issuers will have to honour any request from cardholders to close their credit cards, within seven working days, the RBI has said. Subsequent to the closure of credit card, the cardholder must be immediately notified about the closure through email, SMS, etc, the RBI has said in its guidelines. “Failure on the part of the card-issuers to complete the process of closure within seven working days shall result in a penalty of Rs 500 per day of delay payable to the customer, till the closure of the account provided there is no outstanding in the account.

No Delay in Sending Bills: “Card-issuers shall ensure that there is no delay in sending/dispatching/emailing bills/statements, thereby ensuring intimation of the spending or balance and also, providing adequate time (at least one fortnight) for making payment before the interest starts getting charged,” the RBI has said. Card-issuers shall put in place a mechanism to ensure that the cardholder is in receipt of the billing statement as per the orders of the RBI.

Billing Cycle: A billing cycle of a credit card is defined as the time frame in which a credit card bill is generated. The RBI Notification also provides the guidelines for billing. From July 1, the credit card billing cycle will begin on the 11th day of the previous month and end on the 10th day of the current month. The Customers will be provided at least a fortnight to assess the received bill and make the payment.

No More Wrong Bills: The ownness of ‘Wrong Billing’ has been now placed on the Card-issuers, such wrong billing will be raised and issued to cardholders by the Card Issuers. “In case, a cardholder protests any bill, the card-issuer shall provide explanation and, wherever applicable, documentary evidence shall be provided to the cardholder within a maximum period of 30 days from the date of complaint,” says RBI in its new notification.

Other clarifications are available with more details in the notification (The RBI vide. Circular No. RBI/2022-23/92 DoR.AUT.REC.No.27/24.01.041/2022-23, Dated April 21, 2022,  (The 26 page document is available here …… Click here…………….)

%d bloggers like this: