Should Consumers Be Prohibited From Storing Card Data on the Internet?

25 Pages Posted: 3 Jul 2021

See all articles by Renuka Sane

Renuka Sane

National Institute of Public Finance and Policy

Ajay Shah

Independent

Bhargavi Zaveri

Independent

Date Written: June 21, 2021

Abstract

In March 2020, the Reserve Bank of India's guidelines on Payment Aggregators and Payment Gateways prohibited merchants from storing data on cards used by customers. This paper argues that a total prohibition on card data storage is problematic as it affects the ease of transactions for consumers, and effectively tilts consumer preference towards other payment instruments. This runs the risk of technological choices in the industry being made or substantially shaped by the regulator. The documents released lack a cost-benefit analysis of this prohibition and do not demonstrate that the chosen intervention is the best one. This raises concerns in the light of emerging Indian jurisprudence on the standards of regulatory governance to be met by statutory regulatory agencies. We show alternative approaches to address concerns relating to breaches of card information stored by consumers on the internet. These include better security standards, tokenization, and liability frameworks.

Keywords: payment systems, law, technology, data protection, payment gateways, payments policy

JEL Classification: K23,G28

Suggested Citation

Sane, Renuka and Shah, Ajay and Zaveri, Bhargavi, Should Consumers Be Prohibited From Storing Card Data on the Internet? (June 21, 2021). Available at SSRN: https://ssrn.com/abstract=3867979 or http://dx.doi.org/10.2139/ssrn.3867979

Renuka Sane

National Institute of Public Finance and Policy ( email )

18/2, Satsang Vihar Marg
New Delhi, 110067
India

Ajay Shah

Independent ( email )

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
12
Abstract Views
248
PlumX Metrics