The Reserve Bank of India has issued a new rule that will hold online merchants, payment aggregators, and e-commerce websites from storing the debit and credit card details on their websites and apps starting this July. Apparently, we all will have to memorise the card details or keep the card handy whenever we have to make an online transaction!
We would enter the CVV next to the stored card details to authorise an online transaction thus far. With the new rule’s implementation, we will have to enter the card number, name on the card, expiry date, and CVV to make any payment online, may it be a food delivery app, entertainment app, or shopping app every time you make a purchase.
The root cause for the new rule
There have been many small and big fraud and financial theft cases recently. Further, there have been numerous consumer data breaches revealed. With this being the context, the Central Bank argues that preventing online merchants from storing the card details mitigates the associated risk of financial fraud.
Many people have been opposing this decision presenting the fact that the move will discourage the ‘Digital India’ campaign. Even NASSCOM has expressed its concerns against RBI’s decision. It has also added that card details will be crucial to resolving consumer complaints and refund processing. A dependency on payment aggregators and banks will arise, delaying the process to a large extent.
Alternative resolve
Instead of going with RBI’s new rule, NASSCOM suggests that RBI develop a new framework that can store card data with abundant security measures, reporting features, and governance mechanisms as required.
It is reported that about 25 of the online consumer companies, such as Flipkart, Amazon, Zomato, Netflix, and Microsoft, have written letters to the RBI stating that the RBI’s resolve will hinder the online payment experience on their platforms.
A shortcoming from the implementation of the new rule is that it will impact fraud risk assessment. The internal tokenisation feature will no longer be able to protect card data. This is a pitfall for RBI’s objective of building a more secure online payments system.
We are not sure whose argument will win in the debate of making online payments more secure for consumers. It will make things tough for the consumers because it is not easy to remember a 16-digit card number, especially in an era where each person may have more than one card. We have turned out to be individuals who do not put in the effort even to remember the 10-digit mobile number of a family member! It is a given that 16 digits are out of the league! Let us wait and see if things get any better until July 2021.
For any clarifications/feedback on the topic, please contact the writer at apoorva.n@cleartax.in
