The Reserve Bank of India (RBI) has been issuing guidelines from time to time on the regulation of Payment Aggregators (PAs) and Payment Gateways (PGs) in the interest of the consumer, as these entities hold large volumes of consumer data. The new guidelines issued by RBI forbid PAs and PGs from storing consumer card credentials on their database or server as a financial security measure. RBI has issued norms for regulating payment aggregators and payment gateways through various circulars, as amended from time to time and at the request of the industry stakeholders:

  • Vide circular DPSS.CO.PD.No.1810/02.14.008/2019-20 dated March 17, 2020, the authorised non-bank payment aggregators and merchants on-boarded by them were prohibited from storing card data (CoF) from June 30, 2021.
  • Vide circular CO.DPSS.POLC.No.S33/02-14-008/2020-2021 dated March 31, 2021, this was further extended to December 31, 2021.
  • Vide circular CO.DPSS.POLC.No.S-1211/02-14-003/2021-22 dated December 23, 2021 on “Restriction on storage of actual card data [i.e. Card-on-File (CoF)]”, at the request of the industry stakeholders for devising alternate mechanism(s) to handle any use case or post-transaction activity, this timeline was extended to June 30, 2022.
  • Vide circular RBI/2022-23/77 CO.DPSS.POLC.No.S-567/02-14-003/2022-23 on “Restriction on Storage of Actual Card Data [i.e. Card-on-File (CoF)]” dated June 24, 2022, the timeline for storing the actual card data, i.e. Card-on-File (CoF), has been extended by three months till September 30, 2022, after which the new card storage rules shall apply.

What are Payment Aggregators (PAs) and Payment Gateways (PGs)?

Payment Aggregators (PAs) and Payment Gateways (PGs) are intermediaries playing an important function in facilitating payments in the online space.

A payment gateway acts as a transaction intermediary between merchants and customers while a payment aggregator facilitates fund transfers between two parties and a bank. A Payment Aggregator can provide a Payment Gateway, but a Payment Gateway can’t offer or provide a Payment Aggregator.

Latest Amendments

With effect from January 1, 2022, no entity in the card transaction / payment chain, other than the card issuers and / or card networks, shall store the CoF data i.e. actual debit card/credit card data. Any previous data stored therein shall be purged. Accordingly, neither the authorized Payment Aggregators (PAs) nor the merchants on-boarded by them can store customer card credentials within their database or server.

All your saved credit and debit card details have to be deleted by 30th September, 2022, after which you will need to manually enter all your card details for every online payment. However, your explicit approval will allow the merchant to work with your bank and card networks to provide you with the same seamless payment experience as before.

It is observed that considerable progress has been made in terms of token creation. Transaction processing based on these tokens has also commenced, though it is yet to gain traction across all categories of merchants. Further, an alternate system in respect of transactions where cardholders decide to enter the card details manually at the time of undertaking the transaction (commonly referred to as “guest checkout transactions”) has not been implemented by the industry stakeholders so far. In addition to tokenisation, industry stakeholders may devise alternate mechanism(s) to handle any use case (including recurring e-mandates, EMI option, etc.) or post-transaction activity (including chargeback handling, dispute resolution, reward / loyalty programme, etc.) that currently involves / requires storage of CoF data by entities other than card issuers and card networks.

Example: A customer who had saved card details in the Amazon application only needed to enter the CVV number followed by the OTP for a purchase to go through. From September onwards, the customer needs to enter all the details manually, such as card number, name and card expiry, followed by CVV and OTP. This measure is taken to prevent unauthorised use of the card.

Tokenisation – Card Transactions: Permitting Card-on-File Tokenisation (CoFT) Services

Abstract:

Tokenisation refers to the replacement of actual card details with a unique alternate code called the “token”, which shall be unique for a combination of card, token requestor and device.

To improve the safety and security of card transactions, RBI has permitted card networks to offer tokenisation in card transactions for a specific use case.

Progress History through RBI notifications:

Under circular DPSS.CO.PD No.1463/02.14.003/2018-19 dated January 08, 2019 on “Tokenisation – Card transactions”, addressed to all Payment System Providers and Payment System Participants, authorised card payment networks are permitted to offer card tokenisation services, subject to the conditions listed in that circular, to any token requestor (i.e., third party app provider). This permission extends to all use cases / channels [e.g., Near Field Communication (NFC) / Magnetic Secure Transmission (MST) based contactless transactions, in-app payments, QR code-based payments, etc.] or token storage mechanisms (cloud, secure element, trusted execution environment, etc.).

Initially, vide circular CO.DPSS.POLC.No.S-516/02-14-003/2021-22 dated September 07, 2021 on “Tokenisation – Card Transactions : Extending the Scope of Permitted Devices”, authorised card networks were permitted to offer card tokenisation services to any token requestor, limited to mobile phones and tablets of interested card holders only. This facility was subsequently extended to include consumer devices – laptops, desktops, wearables (wrist watches, bands, etc.), Internet of Things (IoT) devices, etc. – vide RBI circular CO.DPSS.POLC.No.S-469/02-14-003/2021-22 dated August 25, 2021 on “Tokenisation – Card Transactions : Extending the Scope of Permitted Devices”.

This initiative was undertaken by RBI with an expectation to make card transactions more safe, secure and convenient for the users. The ultimate responsibility for the card tokenisation services rendered rests with the authorised card networks. All other instructions related to card transactions shall be applicable for tokenised card transactions as well. All extant instructions of Reserve Bank on safety and security of card transactions, including the mandate for Additional Factor of Authentication (AFA) / PIN entry shall be applicable for tokenised card transactions also.

Key Highlights:

  1. Circulars DPSS.CO.PD.No.1810/02.14.008/2019-20 dated March 17, 2020 (as updated from time to time) and CO.DPSS.POLC.No.S33/02-14-008/2020-2021 dated March 31, 2021 on “Guidelines on Regulation of Payment Aggregators and Payment Gateways” advise that neither the authorised Payment Aggregators (PAs) nor the merchants on-boarded by them shall store customer card credentials [also known as Card-on-File (CoF)].
  2. Token Service Provider (TSP) refers to the entity which tokenises the actual card credentials and de-tokenises them whenever required. The TSP shall put in place a mechanism to ensure that the transaction request has originated from the merchant and the token requestor with whom the token is associated.
  3. The device-based tokenisation framework has been extended to CoF Tokenisation (CoFT) as well.
  4. Card issuers are permitted to offer card tokenisation services as Token Service Providers (TSPs). Earlier only card networks were allowed to act as TSPs.
  5. TSPs shall offer the facility of tokenisation only for the cards issued by / affiliated with them.
  6. The ability to tokenise and de-tokenise card data shall be with the same TSP.
  7. Tokenisation of card data shall be done with explicit customer consent requiring Additional Factor of Authentication (AFA) validation by card issuer.
  8. For Card on File Tokenisation (CoFT) Services, the token shall be unique for a combination of card, token requestor and merchant. Merchant here refers to end merchant. However, in case of an e-commerce marketplace entity, merchant refers to the said e-commerce entity. Further, token requestor and merchant may or may not be the same entity.
  9. If card payment for a purchase transaction at a merchant is being performed along with the registration for CoFT, then AFA validation may be combined.
  10. The merchant shall give an option to the cardholder to de-register the token. Further, a token requestor having direct relationship with the cardholder shall list the merchants in respect of whom the CoFT has been opted through it by the cardholder; and provide an option to de-register any such token.
  11. A facility shall also be given by the card issuer to the cardholder to view the list of merchants in respect of whom the CoFT has been opted by her / him, and to de-register any such token. This facility shall be provided through one or more of the following channels – mobile application, internet banking, Interactive Voice Response (IVR) or at branches / offices.
  12. Whenever a card is renewed or replaced, the card issuer shall seek explicit consent of the cardholder for linking it with the merchants with whom (s)he had earlier registered the card.

Conclusion

In the interest of clarity, the following points may be noted:

  • With effect from September 30, 2022, no entity in the card transaction / payment chain, other than the card issuers and / or card networks, shall store the actual card data. Any such data stored previously shall be purged.
  • For transaction tracking and / or reconciliation purposes, entities can store limited data – last four digits of actual card number and card issuer’s name – in compliance with the applicable standards.
  • Complete and ongoing compliance with the above by all entities involved, shall be the responsibility of the card networks.
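
The rules above can be read as a data model. The following is an added example, not code from RBI or from the original article: an in-memory Token Service Provider that applies the token binding from the Key Highlights (items 2, 6, 7, 8, 10 and 11) and the limited data a merchant may keep under the Conclusion. The class and function names, the `tok_` prefix, the party names and the sample card number are assumptions made for illustration.

```python
import secrets


class TokenError(Exception):
    """Raised when a tokenisation or de-tokenisation request is refused."""


class TokenServiceProvider:
    """In-memory TSP model; here it is the only holder of the card number."""

    def __init__(self):
        self._by_token = {}    # token -> (pan, requestor, merchant)
        self._by_binding = {}  # (pan, requestor, merchant) -> token

    def tokenise(self, pan, requestor, merchant, consent_with_afa):
        # Highlight 7: explicit customer consent, validated through AFA.
        if not consent_with_afa:
            raise TokenError("explicit consent with AFA validation is required")
        binding = (pan, requestor, merchant)
        # Highlight 8: one token per card + token requestor + merchant.
        if binding not in self._by_binding:
            token = "tok_" + secrets.token_hex(8)  # random, not derived from the card
            self._by_binding[binding] = token
            self._by_token[token] = binding
        return self._by_binding[binding]

    def detokenise(self, token, requestor, merchant):
        # Highlight 6: the TSP that issued the token is the one that resolves it.
        binding = self._by_token.get(token)
        if binding is None:
            raise TokenError("unknown or de-registered token")
        pan, bound_requestor, bound_merchant = binding
        # Highlight 2: the request must come from the associated merchant and requestor.
        if (requestor, merchant) != (bound_requestor, bound_merchant):
            raise TokenError("token is not bound to this merchant / token requestor")
        return pan

    def merchants_for(self, pan):
        # Highlight 11: merchants with which the card currently has a CoFT token.
        return sorted({m for (p, _, m) in self._by_binding if p == pan})

    def deregister(self, token):
        # Highlights 10 and 11: the cardholder can de-register any token.
        binding = self._by_token.pop(token, None)
        if binding is not None:
            del self._by_binding[binding]


def merchant_record(pan, issuer_name, token):
    """What a merchant may persist: the token, last four digits and issuer name."""
    return {"token": token, "last4": pan[-4:], "issuer": issuer_name}


if __name__ == "__main__":
    tsp = TokenServiceProvider()
    card = "4111111111111111"  # constructed test number, not a real card
    tok = tsp.tokenise(card, "wallet-app", "shop-1", consent_with_afa=True)
    print(merchant_record(card, "Example Bank", tok))
    try:
        tsp.detokenise(tok, "wallet-app", "shop-2")  # token presented by another merchant
    except TokenError as exc:
        print("refused:", exc)
```

Because the token is bound to one merchant and one token requestor, a token copied from one merchant's database is refused when presented by another, which is the property that makes storing it safer than storing the card number.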

Reference:

  1. Reserve Bank of India (RBI) circular DPSS.CO.PD.No.1810/02.14.008/2019-20 dated March 17, 2020
  2. CO.DPSS.POLC.No.S33/02-14-008/2020-2021 dated March 31, 2021 on “Guidelines on Regulation of Payment Aggregators and Payment Gateways”
  3. CO.DPSS.POLC.No.S-516/02-14-003/2021-22 dated September 07, 2021 on “Tokenisation – Card Transactions: Permitting Card-on-File Tokenisation (CoFT) Services”
  4. CO.DPSS.POLC.No.S-1211/02-14-003/2021-22 dated December 23, 2021 on “Restriction on storage of actual card data [i.e. Card-on-File (CoF)]”
  5. RBI/DPSS/2019-20/174 DPSS.CO.PD.No.1810/02.14.008/2019-20 Guidelines on Regulation of Payment Aggregators and Payment Gateways (Updated as on November 17, 2020)
  6. DPSS.CO.PD.No.1102/02.14.08/2009-10 dated November 24, 2009 on “Directions for opening and operation of accounts and settlement of payments for electronic payment transactions involving intermediaries”
  7. RBI/2018-19/103 DPSS.CO.PD No.1463/02.14.003/2018-19 Tokenisation – Card transactions dated January 08, 2019

 
