26.4 C
New York
Thursday, July 25, 2024

RBI Issues Directive: Only Card Issuer and Card Networks Can Store Transaction Data from August 2025

man in gray hoodie sitting on stairs

RBI Issues Directive for Cardholders: No Entity Except Card Issuer and Card Networks Can Store Transaction Data from August 2025

The Reserve Bank of India (RBI) has recently issued a new directive that will have a significant impact on how transaction data is stored and managed by various entities. According to the directive, starting from August 2025, no entity other than the card issuer and card networks will be allowed to store transaction data.

Background

Transaction data refers to the information related to the purchase or usage of a credit or debit card. This data includes details such as the amount of the transaction, the merchant’s name, the date and time of the transaction, and other relevant information. Currently, various entities, including payment aggregators, payment gateways, and other third-party service providers, store and process this transaction data.

However, concerns have been raised regarding the security and privacy of this data. With the increasing number of cyber threats and data breaches, there is a growing need to ensure that transaction data is adequately protected. The new directive by the RBI aims to address these concerns and enhance the security of cardholder data.

The Directive

The RBI directive clearly states that from August 2025 onwards, only the card issuer and card networks will be allowed to store transaction data. This means that payment aggregators, payment gateways, and other entities will no longer be permitted to retain this data.

By limiting the storage of transaction data to the card issuer and card networks, the RBI aims to centralize the data and ensure better control and security. This will help in minimizing the risk of data breaches and unauthorized access to cardholder information.

Implications

The directive will have several implications for various stakeholders in the payment ecosystem:

1. Card Issuers and Card Networks

Card issuers and card networks will now have the sole responsibility of storing and managing transaction data. This will require them to invest in robust data storage and security infrastructure to ensure the protection of cardholder information. Additionally, they will need to comply with the relevant data protection and privacy regulations to avoid any penalties or legal consequences.

2. Payment Aggregators and Payment Gateways

Payment aggregators and payment gateways, which currently store transaction data, will need to adapt to the new directive. They will have to modify their systems and processes to ensure that they no longer retain any transaction data. This may require significant changes to their existing infrastructure and data management practices.

3. Cardholders

Cardholders can expect enhanced security and privacy for their transaction data. With the centralization of data storage, the risk of data breaches and unauthorized access will be minimized. This will provide cardholders with greater confidence in using their cards for various transactions.

Conclusion

The RBI’s directive to restrict the storage of transaction data to only the card issuer and card networks is a significant step towards enhancing the security and privacy of cardholder information. By centralizing the data and limiting access to trusted entities, the RBI aims to mitigate the risks associated with data breaches and unauthorized access. While this directive may require adjustments from various stakeholders, it ultimately benefits cardholders by ensuring the protection of their transaction data.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Stay Connected

0FansLike
0FollowersFollow
0SubscribersSubscribe

Latest Articles