If a merchant is PCI/DSS compliant and was saving cards on their own server, how can they meet RBI’s compliance requirement?


If you are a merchant who is already PCI/DSS compliant, here is what you need to do to stay RBI compliant:

  • Merchants who were saving the card number on their own servers will also have to either integrate with individual card schemes and become a token requestor themselves, or integrate with Token Vault, where Cashfree Payments will be a token requestor on the merchant’s behalf.
  • PCI/DSS compliant merchants have to delete the cards already saved with them, as RBI does not allow bulk tokenization of cards.