RBI Restricts Business Card Use and Data Sharing

RBI-Restricts-Business-Card-Use-and-Data-SharingRBI imposes limits on business card usage and restricts the sharing of customer data

The Reserve Bank of India (RBI) has recently issued new rules for credit and debit cards meant for business accounts, to enhance the security and efficiency of card transactions. The new rules, which came into effect immediately, cover various aspects of card issuance, conduct, and data sharing The RBI has also ordered Visa to stop using an unauthorized route to make business-to-business card payments, which involved fintech companies as intermediaries in this article, we will discuss the main features and implications of the new rules, as well as the reasons behind the RBI’s actions.

The new rules issued by RBI are as follows:

Monitoring the end use of funds:

The RBI has directed the card issuers to put in place an effective mechanism to monitor the end use of funds by cardholders, especially for large-value transactions. The card issuers should also ensure that the card transactions comply with the applicable laws and regulations, such as the Foreign Exchange Management Act, of 1999, the Prevention of The Income Tax Act of 1961 and the Money Laundering Act of 2002.

 Restricting data sharing:

The RBI has made it illegal for card issuers to provide any outsourced partners with consumer card data unless the partners must perform their duties. The card issuers should also obtain the explicit consent of the cardholders before sharing their card data with any third party. The card issuers should also ensure that the storage and ownership of the card data remain with them and that the card data is not compromised or misused by any party.

Supporting tokenization:

The RBI has allowed card issuers to support the tokenization of card data, which is a process of replacing the actual card number with an alternative code or token, to enhance the security and convenience of card transactions. The card issuers should ensure that the tokenized card data is visible only to the cardholder and that it is not accessed or stored by the co-branding partner or any other party.  

Implications of the New Rules

The new rules issued by the RBI have the following implications for the card issuers, the cardholders, and the card networks:

 For card issuers:

The card issuers will have to comply with the new rules and make the necessary changes in their systems and processes, such as implementing the monitoring mechanism, obtaining the consent of the cardholders, and supporting the tokenization process. The card issuers will also have to ensure that their outsourcing partners and co-branding partners adhere to the new rules and do not violate the card data security and privacy norms.

 For cardholders:

The cardholders will have to provide their consent to the card issuers before sharing their card data with any third party and verify the authenticity and legitimacy of the third party before providing their card data. The cardholders will also have to opt for tokenization of their card data, which will enhance the security and convenience of their card transactions. The cardholders will also have to be vigilant and report any suspicious or fraudulent card transactions to the card issuers and the card networks.

For card networks:

The card networks will have to ensure that the card issuers and the card networks comply with the new rules and the relevant standards and guidelines issued by the RBI and the card networks. The card networks will also have to support the tokenization process and provide the necessary infrastructure and technology for the same.

The card networks will also have to monitor and prevent any unauthorized or illegal card transactions and report any breach or misuse of card data to the RBI and the card issuers.

Join our WhatsApp and Telegram Community to Get Regular Top Tech Updates

Whatsapp Icon
Telegram Icon

link