RBI ensures secured online credit card transactions

Tagged with: , ,
Tuesday, July 14, 2009
This article is posted in Money Matters category and has 7 Comments so far.

visaAfter 1st Aug-2009, you need not think twice before letting your credit card out of sight at a restaurant, petrol pump or any other merchant establishment. The details printed on your card including the card number, expiry date and three-digit card security code (popularly known as the CVV) will not be enough to make fraudulent online transactions.

A RBI directive has ensured that from 1st August 2009, credit and debit card-issuing banks must provide for additional authentication of information over and above what is visible on the physical card. In other words, the cardholder must key in an extra security code to complete a online transaction.

RBI specifies, “Banks are free to decide on the technology they wish to use to fall in line with these instructions.” On their part, banks have been beefing up their online security. Virtual cards, which have been around for a while, are a secure option offered by the likes of HDFC Bank, ICICI Bank and Kotak Mahindra Bank.  For normal VISA and Master credit cards issued by banks two new online cards registration procedures known as “verfied by VISA” and “Mastercard Securecode” have already been initiated.  Check your bank’s website for registering your credit card before 1st August 2009.

After registration procedure of these VISA and Master credit cards completed by the card holders, Banks offer increased security via MasterCard’s Securecode and Visa’s Verified by Visa, which offer personalised passwords. Much like the authentication process required for payment card use at ATMs, SecureCode requires cardholders to enter their personal code in an online window on their PC before a transaction can be processed. Even if you lose / misplace your credit card it cannot be misused online as the password is not present on the card.

But these initiatives can work only if the cardholder is prompted to enter the code by the merchant site.  The card-issuing bank, the retailer and the retailer’s acquiring bank will all have to participate. Even if one of these entities does not participate, the cardholder is not prompted to enter the SecureCode.  We wish all the credit issuing banks in the country implement this technology to make their cardholders to transact on e-commerce sites using secured passwords.


Related Posts

You can leave a response, or trackback from your own site.

7 Responses to “RBI ensures secured online credit card transactions”

  1. Padmanabhan said on Wednesday, July 15, 2009, 5:49

    sir,
    The procedure that cardholder must key in an extra security code to complete a online transaction is a very good idea.extra safety is a urgent need one .but i can not understand the dead line for registering your credit card before 1st August 2009.
    thanking you,yours sincerely V.Padmanabhan,VCRC(ICMR) Pondicherry

    Reply

  2. D M K Murthy said on Wednesday, July 15, 2009, 22:25

    Dear Sir,
    I do agree with the views of Mr.Padmanabhan entirely. It is high time to take immediate remedial action to avoid fraud. Extra PIN or Password is welcome.

    Reply

  3. K.bhattacharya said on Thursday, July 16, 2009, 22:42

    Dear Sir,
    Introduction of extra PIN or password is heartily welcomed. It can reduce the fraudulent transtions. but how the card holder may get from issuing authority.

    Reply

  4. A K PANDEY said on Tuesday, July 21, 2009, 23:39

    Tata AIG has misused my card with the help of CITIBANK. It is very good step taken by RBI. TO PREVENT THE FRUD DONE BY THE BANKERS LIKE CITIBANK.

    Reply

  5. Payment Security Expert said on Wednesday, July 22, 2009, 11:43

    RBI never sponsored or stated specific systems such as Verified by Visa or Mastercard UCAF/SPA in its directive. Before, the entire banking industry in India goes on this bandwagon, it is best to simply learn about the experience of cardholders and online merchants as it concerns these two systems.

    Just google ” verified by visa 2009 ” or go to this link : http://www.boingboing.net/2009/03/28/verified-by-visa-bri.html.

    VBV or UCAF/SPA static passwords can be easily phished. Once phished and used by fraudsters, it then makes it very difficult (not impossible) for the legitimate cardholder to dispute a fraudulent online payment made with his VBV or UCAF/SPA credentials.

    On the other hand, fraudsters can easily collaborate and share each other’s VBV or UCAF/SPA credentials and then dispute the charges with the issuing banks. The issuing Banks can never prove that the cardholder’s static VBV or UCAF/SPA’s credentials were not phished or compromised.

    Reply

  6. Payment Security Expert said on Wednesday, July 22, 2009, 14:22

    It surprises me that India, the world’s technical resource, would copy the errors made by Banks elsewhere in the world that tried introducing VBV or UCAF/SPA. It is relatively simple for anyone to do a google search on Verified by VISA and realize that it has not been successful in other parts of the world. At least banks in other parts of the world and online merchants were not mandated to implement these systems. Be wary of mandated systems. A good security system never needs to be mandated.

    Reply

  7. narayanan said on Tuesday, November 17, 2009, 9:45

    ya its good, but if u use your visa/master card for online purchase it is asking for security code.If you buy anything using paypal through your card it is not asking for the security code.So for every purchase made by using your card,the security code should be mandated. 

    Reply

Leave a Reply