Working with RBI to ensure customers don't have to key in card number: PCI

The Reserve Bank of India (RBI) along with the payments industry, and the payments council of India (PCI) is working on a possible solution that could ensure that the customers do not have to key in their 16 digit credit or debit card number, every time they make payments through their cards.

The RBI's new rules are supposed to kick in from January 2022.

In a statement, the PCI said, “The industry and PCI are working in alignment with RBI on possible secure card on file solutions which will ensure a near similar customer experience for online purchases whilst enhancing the security of the storage of card credentials of customers.”

The RBI was not willing to budge from its stance, insisting that payment facilitators cannot store customer card details. This came as an inconvenience to many, particularly online shopaholics who have to so far key in only the CVV number of their cards saved (masked with the last four digits visible) on the e-commerce portal and proceed with a transaction.

“We are working closely with the RBI on charting a roadmap of the possible solutions that could be adopted by the industry for securing the storage of raw card data. Solutions being worked upon, would not require the customers to enter their card number manually every time they make an online purchase” the PCI said. 

It said the solutions will adhere to the security checks and controls and frameworks prescribed by RBI. 

The RBI’s new rules would have mandated that every time a transaction was made, the entire card details must be keyed in. These would reach the merchant servers in a tokenised format, or as random numbers. Since the tokenised numbers generated would be one-time in nature, the merchant site and payments facilitator would have no reason to save the details.Experts had said while RBI’s concern is genuine, it would create friction, in an otherwise seamless transaction process. The efficiency and ease of making payments in the periodic/monthly subscription-based models will be disrupted, the experts had pointed out. 

PCI said it has shared with RBI the principles which can be adopted by the industry for developing secure card on file solutions.