RBI eases rules for online payments up to Rs 2000
In this model, the card issuing banks will offer the “payment authentication solutions” of the respective card networks to their customers on an optional basis."
In its bid to make online payments easier and less cumbersome, the Reserve Bank of India (RBI) on Tuesday said that additional factor of authentication (AFA) for payments up to Rs 2000 are being relaxed.
RBI said, "The Reserve Bank has been receiving requests from certain segments of the industry for reviewing the requirement of AFA for low value online card not present (CNP) transactions. As most of the requests were for merchant specific relaxations on AFA requirements, they were not appropriate at the system level. An alternate solution, provided by authorised card networks is expected to meet the objective of customer convenience with sufficient security for low value transactions. In this model, the card issuing banks will offer the “payment authentication solutions” of the respective card networks to their customers on an optional basis."
What this simply means is that a customer can opt for a one-time registration process requiring entry of their credit or debit card details and an AFA with their respective bank. Thereafter, the registered customers will not be required to re-enter the card details for every transaction at merchant locations that offer this solution and thereby save time and effort. "In this model, the card details already registered would be the first factor while the credentials used to login to the solution (as confirmed by the card network providing the solution) would be the additional factor of authentication," RBI said.
Beyond the transaction limit of ₹ 2000/-, the card not present transaction has to necessarily be processed as per the extant instructions with mandatory AFA
RBI said, "Even for transaction values below this limit, the customer may choose to make payment using other forms of AFA as hitherto."
However, with growing digital frauds and siphoning off money from people bank accounts online, this move to doing away with AFA may make digital bank accounts more vulnerable. There may be a possibility that a fraudster, once gotten hold of digital banking details of a customer, executes money transfers worth Rs 2000 multiple times within a short span of time.
RBI, to counter such an event, said, "Suitable velocity checks (i.e., how many such small value transactions will be allowed in a day / week / month) may be put in place by banks/card networks as considered appropriate."
The bank further said that this easing of safety net shall be made available to a customer only after taking their consent.
Moreover, the banks or authorised card networks offering such solutions will bear the full liability in the event of any security breach or compromise in the authorised card network, RBI said.