💳 a chaotic new year's eve
RBI's new card tokenization mandate causes panic in India's tech industry.
Hey 👋
Hope you had an amazing weekend!
Welcome to the mesha tribe—a biweekly newsletter by Mesha, an exclusive social community that lets you chat with friends, discover stocks and participate in challenges all on one platform.
Sounds good? Sign up below 👇
Great. Let’s go!
The Big Story
Privacy! Protection! Password!
Since 2020, such buzzwords have garnered much of mainstream media attention as conversations around centralization sparked fundamental concerns about digital security.
And as we near the end of 2021, the RBI has decided to address this pressing issue in one specific domain: card payments.
In March 2020, India's central bank first issued new guidelines barring online merchants and payment gateways from storing customers' debit and credit card details in a bid to heighten data security. While the rules were set to be effective from July 2021, the RBI extended the deadline to December 31, 2022, for payment system providers and participants to minimize inconvenience and introduce workable solutions such as tokenization. (Think of all those popular services like Google, Amazon, Flipkart, Microsoft, Zomato, Netflix, and many more, that you use every day who will have to erase your card details in just 10 days!)
What is card tokenization?
It refers to the replacement of a 16-digit code by a random 16-digit string of numbers (token) generated by an algorithm that cardholders can use to make online purchases without revealing their card details. The new payment method, aka Card on File Tokenisation (CoFT), is a unique combination of device, token, and token requester (the entity which takes tokenization requests from customers and sends them to the card network such as Visa, Mastercard, or Rupay, to receive a corresponding token).
When a customer makes payment via CoFT, it becomes difficult for bad actors to decrypt their data or reverse engineer. Plus, in case of a breach in the merchant company's data, customers' card details remain protected and safe, which is what the central bank is counting on it to do. The service is optional, non-chargeable, and only for domestic transactions.
Here’s a great ET infographic explaining it in detail -
While card companies are ready to deploy their tokenization technology, its integration into the existing system is still underway. And noting India's vast customer base, it's going to take them a while to get everyone's consent.
Global trade bodies such as Nasscom and Alliance of Digital India Foundation (ADIF) seek a two-year transition timeframe and a phased implementation of the new rules. “We are asking for more time, no one wants to wake up to mayhem on January 1,” said ADIF executive director Sijo Kuruvilla George, who estimates the decision to generate revenue losses of around 20-40% for merchants and small firms. Not just that, ADIF further expects the decision to put hundreds of small and medium merchants and payment operators completely out of business.
Overall, the industry expects a rapid disruption in the consumer buying process, a decline in card payments, and a short term increase in the use of cash, which would mean undoing years of digitization efforts by the government and lenders.
While it seems highly unlikely that the RBI will give another extension to banks given what we've seen with recurring payments rules, how beneficial will this new disruption be for merchants and customers alike is something we'll get to witness in the new year.
Share what you learn 🤝
You made it!
If you found this newsletter insightful, share it with your friends and colleagues and let us know what you think. And thank you for reading!
We, at Mesha, believe in democratizing finance. Join us and be a part of a community that helps you to take your net worth #ToTheMoon🚀
See ya!