Tokenization is a process by which card details are replaced by a unique code or token, generated by an algorithm.
Even though some worries about failed payments and revenue losses persist, the central bank of India is not likely to extend a deadline for businesses to install an additional layer of security for customer credit card information.
Smaller merchants have asked for a postponement of the compliance date, but the central bank has given no indication that there will likely be one, according to three banking and merchant sources with knowledge of the situation who spoke to Reuters.
The Reserve Bank of India (RBI) did not respond to an email request for comment.
"The general sense is that banks, card networks and (bigger) merchants are better prepared and so the push from the ecosystem side for an extension has also not been massive and we haven't received any indication to suggest an extension either," said a banker with a large state-owned bank.
"If it happens, it will be a surprise," he added.
Three years ago, India embarked on a mammoth exercise to secure card data by requiring businesses to tokenize cards by Sept. 30.
Tokenization is a process by which card details are replaced by a unique code or token, generated by an algorithm, allowing online purchases without exposing card details, in a bid to improve data security.
The RBI first enacted the regulations in 2019 and, following several extensions, has mandated that all Indian businesses delete any stored credit and debit card information by October 1, 2022.
While banks, card companies and large retailers are prepared, smaller merchants may face trouble which they say could lead to revenue losses for them in the short-term.
Some merchants and bankers also fear card-related transactions may drop in the short-term after tokenization norms are introduced.
“The moment an additional layer or friction is introduced, payments seem to drop. And there are concerns that initially we may see a recurring drop by similar levels to what we had seen," said Rohit Kumar, Founding Partner of TQH Consulting, a public policy consulting firm.
When the previous tokenisation deadline was nearing, recurring payments were failing by 10-15%, according to merchants.
Since card information won't be stored on the merchant servers, Rajaram Suresh of Boston Consulting Group said that in addition to payments, other things that need to be stress tested include what happens when a product is returned and other post-transaction flows.
Unlike India where it has been made mandatory, European stakeholders have been encouraged to tokenize cards for security benefits, Suresh added.
Experts argue that tokenization is necessary at a time when it is anticipated that by 2026, digital payments will total $10 trillion. Increasingly, fraud involving card or internet transactions made up 34.6% of all fraud cases in FY21, according to data from the central bank.
"People are used to one-click checkout so adoption may take more time and some people may shift to cash but considering that this makes online transactions more secure, customers will adopt this faster without much chaos this time around," said Jagdish Kumar Senior Vice President of Worldline India.
(with inputs from Reuters)
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
 "Representational Image")
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
)
){kind=small}
){kind=small}
)
)
)
)
)
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}