Payments Council of India (PCI) has said in a statement that customers will not have to remember the 16-digit card number for online payments effective from January 2022, in contrast to what has been reported in certain sections of the media.
The industry and PCI are working in alignment with Reserve Bank of India (RBI) on the possible secure card on file solutions which will ensure a near similar customer experience for online purchases whilst enhancing the security of the storage of card credentials of customers, the statement said.
On March 31, 2020, RBI had released a notification, for payment system providers and participants to put in place workable solutions such as tokenization for enhancing the security of the storage of customer’s card credentials, within the framework of the relevant guidelines issued by the RBI.
PCI has shared with RBI the principles that can be adopted by the industry for developing such a secure card on file solution.
“We are working closely with RBI on charting a roadmap of the possible solutions that could be adopted by the industry for securing the storage of raw card data. Solutions being worked upon, would not require the customers to enter their card number manually every time they make an online purchase” said PCI.
“The solutions will adhere to the security checks and controls and frameworks prescribed by RBI”, it added.
From tightening the security of card not present transactions by introducing the requirement of AFA in 2009 to tackling the risk associated with data storage/breach effective Jan 2022, RBI has played a key role in enhancing the security of card transactions.
RBI has also played a catalytic role in the development and growth of digital payments across the country thereby progressing towards the goal of “less-cash society”. It has set out guidelines and circulars for the effective functioning of the payment systems with a focus on security controls.
PCI is the representative body for payment companies in the country,