Amazon, Netflix & Others Won’t Be Allowed To Store Credit/Debit Card Details; Memorizing The Only Option?
Strict new RBI rules for payment aggregators and gateways, due to take effect this July, have drawn letters of concern from e-commerce giants Flipkart and Amazon, joining a group of 25 companies.
Streaming services, food delivery apps, e-commerce and more will not be allowed to store customer payment data on their servers any longer.
These guidelines were issued on Mar 17, 2020. On Feb 1 the aforementioned companies wrote to the RBI stating that the move could negatively impact not just customer experience and convenience but also complaint resolution responses such as issuing refunds and replacements.
It is being speculated that the move comes on the back of the January Juspay card data breach, which leaked critical information of around 4.5 crore individuals. This breach could possibly have spooked the apex body enough to formulate laws pertaining to data protection or info security.
Does More Harm Than Good?
There are also fears that instead of making online payments more secure, the move could make them more vulnerable, as fraud risk assessment would be adversely hit.
Industry bodies like Payments Council of India and NASSCOM have opined, in the latter’s letter to the RBI back in January, that “without card data, merchants will not be able to perform basic functions such as resolution of consumer complaints or disputes, consumer service and speedy resolution of refunds requests, and will be completely dependent upon pay aggregators and banks to provide the same.”
Another argument that was put forward by the affected companies is that they are already PCI DSS Level 1 certified merchants, making them best equipped to securely manage and store card details since their card data is encrypted. Hence they should be exempted from the draconian mandate.
The move also adds to consumers’ burdens instead of alleviating them, as they will now have to re-enter payment details for every purchase since single-click payments and customised checkouts will no longer be possible under the new rules.
Automatic recurring payments for subscription-based services like OTTs will also be done away with, hampering customer experience even further.
The alternatives left for online customers are to either keep their card on them at all times or to write the number down somewhere for easy access, both being highly ineffective and unsafe methods of data storage.
NASSCOM has suggested that the RBI should enable data storage under a framework constructed by the RBI itself that would cover all security measures, reporting requirements and governance mechanisms.
It is curious and ironic that most digital transaction complaints have been filed against public sector banks, which account for 59-61% of total digital payment complaints as per RBI’s Annual Report on Banking Ombudsman Scheme 2019-20.