RBI wants you to memorise all your debit and credit card numbers — Amazon, Zomato, Netflix and others argue this will make online payments more tedious

• India’s apex banking institution, the Reserve Bank of India (RBI), has issued new master directions that will stop online merchants, payment aggregators and e-commerce websites from storing your debit and credit details.
• This means that you will either have to memorise your card details or keep your card handy every time you want to shop online, renew your subscription or make an in-app purchase.
• The new guidelines are set to kick in from July, this year.

A debit or credit card number is 16 digits, and not everyone has the bandwidth to memorise them in their entirety. Especially, since most people use more than one card. But, according to the Reserve Bank of India’s (RBI) new rules, you may not have a choice. The only other alternative is to take your cards wherever you go.


India’s apex banking institution has issued new guidelines dictating that online merchants, e-commerce websites and payment aggregators — this includes everyone from Amazon to Flipkart to Google Pay to PayTM to Netflix — will no longer be allowed to store card details of a customer online.

According to the RBI’s circular, these new guidelines will come into effect starting July 2021.

This means that rather than just having to enter your CVV to make a payment, you’ll have to enter all your card details — name, card number and expiry date — from scratch every time you want to make an online payment.

One would think that in the push for ‘Digital India’, these new rules would hamper the process of creating a cashless country. But, India’s central bank argues that the point of not letting third parties store card details is to mitigate the additional risk of fraud and financial theft.


Not everyone agrees with the RBI
The Indian IT lobby NASSCOM already expressed its concerns against such a step back in January. “Without card data, merchants will not be able to perform basic functions such as resolution of consumer complaints or disputes, consumer service and speedy resolution of refunds requests, and will be completely dependent upon pay aggregators and banks to provide the same,” it said in letter to the RBI.

Instead, NASSCOM proposes that the RBI could develop a framework to store card data that encompasses security measures, reporting requirements and governance mechanisms as per its requirements.


It also argues that the top financial institution has failed to define the full scope of what falls under the umbrella of ‘payment data’ other than ‘customer card and such related data’.

A group of 25 consumer internet companies like Flipkart, Amazon, Netflix, Microsoft and Zomato also wrote to India’s central bank, according to CNBC-TV18. They argue that these rules would severely hamper the customer’s online payment experience.

Moreover, it would impact fraud risk assessment. Merchants will no longer be able to use any kind of internal tokenisation method to protect card data undermining the RBI’s objective to create a more secure online payments ecosystem.

Regardless of whether the RBI’s new master directions will make payments more secure, it will definitely make things more tedious. Everytime you want to renew your Netflix subscription, shop online, or even make an in-app purchase — you’ll have to manually enter all of your card details. You’ll either have to keep your cards on hand, or memorise the particulars needed to make a transaction.

SEE ALSO:
INTERVIEW: Dassault has an India IT services unit offering defence MSMEs a digital ‘trial room’ where they can test their products to bag more contracts

Indian space startup Pixxel won’t be launching its satellite on February 28