RBI to restrain payment aggregators from saving debit, credit card data from Aug 2025
The Reserve Bank of India (RBI) is apparently getting strict with payment aggregators (physical) with introduction of new draft regulations, which stipulate that the non-banking entities which fail to apply for authorisation and are unable to maintain the net worth of ₹15 crore at the time of applying will have to close their business down by July 31, 2025.
The good news for users of debit and credit cards is that the payment aggregator firms will not be allowed to store card on file (COF) data from August 1 next year onwards. The only entities allowed to store the COF data will be card issuers and card network such as VISA, Mastercard and bank, says the RBI's draft circular.
“For face-to-face / proximity payment transactions done using cards, from August 1, 2025, no entity in the card transaction / payment chain, other than the card issuers and / or card networks, shall store the CoF data," reads the circular.
And the previously stored data will have to be purged. For the purpose of tracking transactions or for reconciliation, entities will be allowed to store limited data i.e. last four digits of card number and card issuer's name.
However, since these regulations are still at the ‘draft’ stage, they would be implemented only after comments from the stakeholders are received.
The banking regulator has also stipulated that these PAs will have to maintain the minimum net worth of ₹25 crore at all times.
Payment aggregator is a third-party service provider that enables customers to make payment to merchants.
It is only through these payment aggregators that customers are able to make payment via debit & credit cards, UPI, bank transfer. These payment aggregators include Amazon Pay, Razorpay, Paytm, Cashfree,
Read more on livemint.com
