Enhancing Security of Card Transactions
With the increasing volume and value of transactions through cards Reserve Bank of India on Wednesday the 15th January 2020, issued new rules for credit and debit cards to improve user convenience and increase the security of card transactions. RBI asks banks to allow only domestic card transactions at ATMs and PoS terminals in India at the time of issuance/re-issuance of card.
The central bank has asked the banks to no longer issue contactless cards by default; and has also allowed the card users to enable, disable cards for online use. RBI believes the move will improve user convenience and increase the security of card transactions.
RBI asks banks to allow only domestic card transactions at ATMs and PoS terminals in India at the time of issuance/re-issuance of card
For international transactions, online transactions and contact-less transactions, customers will have to separately set up services on their card
The concept of a digital India is widely promoted and on the lines of innovation. These innovations in the payment space also come with attached transaction risks. As per RBI, as of September 2019, there are over five crore of outstanding credit cards at the end of the month while the number of debit cards was north of eighty three crore.
To improve user convenience and increase the security of card transactions, Reserve Bank of India (RBI) has issued compliance directions to enhance security of card transactions. The directions are issued under the Payment and Settlement Systems Act, 2007, and will come into effect from March 16, 2020 as under:
a) At the time of issue / re-issue, all cards (physical and virtual) shall be enabled for use only at contact based points of usage [viz. ATMs and Point of Sale (PoS) devices] within India. Issuers shall provide cardholders a facility for enabling card not present (domestic and international) transactions, card present (international) transactions and contactless transactions, as per the process outlined in para 1 (c).
b) For existing cards, issuers may take a decision, based on their risk perception, whether to disable the card not present (domestic and international) transactions, card present (international) transactions and contactless transaction rights. Existing cards which have never been used for online (card not present) / international / contactless transactions shall be mandatorily disabled for this purpose.
c) Additionally, the issuers shall provide to all cardholders:
- facility to switch on / off and set / modify transaction limits (within the overall card limit, if any, set by the issuer) for all types of transactions – domestic and international, at PoS / ATMs / online transactions / contactless transactions, etc.;
- the above facility on a 24x7 basis through multiple channels - mobile application / internet banking / ATMs / Interactive Voice Response (IVR); this may also be offered at branches / offices;
- alerts / information / status, etc., through SMS / e-mail, as and when there is any change in status of the card.
2. The provisions of this circular are not mandatory for prepaid gift cards and those used at mass transit systems.
The latest instructions assume significance amid rising instances of cyber frauds. Most fraud transactions related to cards happen overseas as they can easily by-pass two factor authentications of PIN. There were some banks offering above facility partially. With RBI pushing for these new rules, it will create more awareness and people must use it to prevent fraud.
Source: rbi.org.in, LiveMint, ET