On Thursday, the Reserve Bank of India (RBI) said that from October 1, no entity in the card transaction/payment chain other than the card issuer and the card network could store CoF (card on file) data and any required Clear these previously stored data.

The RBI has made it clear that the effective date of the implementation requirement will not change as enough time has passed for the regulatory requirement.

To facilitate the transition to an alternative system where cardholders enter card details manually when conducting transactions (often referred to as “guest checkout transactions”), as a temporary measure, the RBI has allowed card issuers and card networks to participate. The entity, merchant or its Payment Aggregator (PA) to which such other transactions are settled will retain the CoF data until the date of the transaction plus four days or the maximum period until the date of settlement, whichever is earlier.

In a notice, RBI said: “The data can only be used for settlement of such transactions and must be cleared after the fact”.

It added that to process other post-trade activities, acquiring banks can continue to store CoF data until January 31, 2023.

“In the event of any irregularities, the RBI should consider appropriate criminal action, including the imposition of business restrictions,” the central bank added.