Should Consumers Be Prohibited From Storing Card Data on the Internet?
25 Pages Posted: 3 Jul 2021
Date Written: June 21, 2021
In March 2020, the Reserve Bank of India's guidelines on Payment Aggregators and Payment Gateways prohibited merchants from storing data on cards used by customers. This paper argues that a total prohibition on card data storage is problematic as it affects the ease of transactions for consumers, and effectively tilts consumer preference towards other payment instruments. This runs the risk of technological choices in the industry being made or substantially shaped by the regulator. The documents released lack a cost-benefit analysis of this prohibition and do not demonstrate that the chosen intervention is the best one. This raises concerns in the light of emerging Indian jurisprudence on the standards of regulatory governance to be met by statutory regulatory agencies. We show alternative approaches to address concerns relating to breaches of card information stored by consumers on the internet. These include better security standards, tokenization, and liability frameworks.
Keywords: payment systems, law, technology, data protection, payment gateways, payments policy
JEL Classification: K23,G28
Suggested Citation: Suggested Citation