Clipped from: https://economictimes.indiatimes.com/opinion/et-commentary/why-rbi-should-not-enforce-card-tokenisation-mandate/articleshow/92420016.cms
For tokenisation to work, entities in the payments value chain – issuer banks, card networks, payment gateways (PGs), payment aggregators (PAs), acquirer banks and merchants – are dependent on each other for testing and integrating viable solutions. In other words, the tokenisation chain is as strong as its weakest link, and the slightest of disruption can adversely impact consumer experience.
Pradeep S Mehta
The writer is secretary general, CUTS (Consumer Unity and Trust Society) International, and former member, think-tank on national policy on ecommerce, ministry of commerce and industry, GoI. Inputs by Ujjwal Kumar
RBI’s move to introduce card-on-file tokenisation (CoFT) to cast a safety net on consumers’ card details is a move in the right direction. As we inch closer to the extended deadline for CoFT of June 30, RBI must provide clarity on the state of ecosystem-readiness for seamless transition to CoFT-enabled digital payments at scale.
It must reveal efforts it is taking to nudge players to implement CoFT, disclose entities that are ready and highlight its initiatives to prepare consumers for the change. Such transparency is critical to retain consumer trust and confidence, and for RBI to uphold its reputation.
For tokenisation to work, entities in the payments value chain – issuer banks, card networks, payment gateways (PGs), payment aggregators (PAs), acquirer banks and merchants – are dependent on each other for testing and integrating viable solutions. In other words, the tokenisation chain is as strong as its weakest link, and the slightest of disruption can adversely impact consumer experience. Large-scale token provisioning, processing and deployment in various use-cases are key steps. While significant progress has been made in token provisioning, token processing is being tested.
In December last year, RBI had extended the original deadline of purging card data with merchants, PAs and PGs from December 31, 2021, to June 30, 2021. It is, thus, imperative for RBI to highlight the progress made in the past few months, and tell us about the pending tasks. For instance, we need to know if the banks and card networks have provided final versions of application programming interfaces (APIs) and testing environment to PAs, PGs and merchants. Similarly, efforts being made to address challenges faced by consumers in token provisioning deserve public attention.
Estimates suggest that digital payments in India can reach up to $10 trillion (about ₹782 lakh crore) by 2026. RBI recognises this potential and its consequent implications, and is focused on creating a secure and seamless enabling environment for consumers to make digital payments. Typically, an online payment transaction is completed within a minute, failing which the transaction times out. Reportedly, simultaneous token provisioning and processing is taking much more than a minute. Unreasonable delays can lead to large-scale time-outs and transactions failures.
Similarly, the current rate of tokenised transactions being processed per second is reportedly less than a tenth of the industry standard. With progress at this rate, 7 out of every 10 consumers wanting to use cards may witness inconvenience in transaction processing, of whom many could experience transaction failures.
Also, testing for use-cases critical for consumers, such as chargebacks in case of fraudulent transactions, conversion of high-value transactions in equitable monthly instalments and refunds for a variety of reasons, has reportedly not happened at scale. Absence of seamless transaction processing and lack of support to specific use-cases could result in significant adverse impact on consumers, freelancers, entrepreneurs, startups and MSMEs dependent on online transactions. Online card-based transactions of at least ₹1 lakh crore per quarter could be adversely impacted, in case consumers card data is purged, without complete implementation of tokenisation.
A recent survey of digital consumers by CUTS (bit.ly/3Ox9Rut) revealed that faced with severe inconvenience in making card-based payments, consumers may reduce the frequency of such transactions, and some could also consider shifting to alternate modes of payments. This will be antithetical to GoI’s Digital India initiative. Unfortunately, in the past, consumers have borne the brunt of transition to safer and efficient systems. These concerns have been tagged as ‘teething issues’ or ‘temporary’ in nature, and have been brushed under the carpet. This practice must end.
A repeat of the disruption witnessed during the operationalisation of the e-mandate directive may permanently disenchant some consumers from digital payments. The ecosystem, including the regulator, needs to be more empathetic to consumers. RBI should not enforce the tokenisation mandate till it is certain that the players are ready to seamlessly process tokenised transactions and related use-cases with speed at scale. It should simultaneously monitor the preparedness of banks and card networks. In consultation with them, RBI should fix a deadline to provide APIs and testing environment to PAs, PGs and merchants, and enforce it.
RBI should also discuss the time that merchants, PAs and PGs need to test and integrate the solutions on a best-effort basis, and fix a timeline. Meanwhile, the acquiring banks may be allowed transitional storage of card details for the settlement period, which can also help in fraud prevention and grievance redress for consumers. The ball is in RBI’s court to act in consumer interest.
The writer is secretary general, Consumer Unity & Trust Society (CUTS) International. Inputs by Vidushi Sinha