RBI ensures secured online credit card transactions
After 1st Aug-2009, you need not think twice before letting your credit card out of sight at a restaurant, petrol pump or any other merchant establishment. The details printed on your card including the card number, expiry date and three-digit card security code (popularly known as the CVV) will not be enough to make fraudulent online transactions.
A RBI directive has ensured that from 1st August 2009, credit and debit card-issuing banks must provide for additional authentication of information over and above what is visible on the physical card. In other words, the cardholder must key in an extra security code to complete a online transaction.
RBI specifies, “Banks are free to decide on the technology they wish to use to fall in line with these instructions.” On their part, banks have been beefing up their online security. Virtual cards, which have been around for a while, are a secure option offered by the likes of HDFC Bank, ICICI Bank and Kotak Mahindra Bank. For normal VISA and Master credit cards issued by banks two new online cards registration procedures known as “verfied by VISA” and “Mastercard Securecode” have already been initiated. Check your bank’s website for registering your credit card before 1st August 2009.
After registration procedure of these VISA and Master credit cards completed by the card holders, Banks offer increased security via MasterCard’s Securecode and Visa’s Verified by Visa, which offer personalised passwords. Much like the authentication process required for payment card use at ATMs, SecureCode requires cardholders to enter their personal code in an online window on their PC before a transaction can be processed. Even if you lose / misplace your credit card it cannot be misused online as the password is not present on the card.
But these initiatives can work only if the cardholder is prompted to enter the code by the merchant site. The card-issuing bank, the retailer and the retailer’s acquiring bank will all have to participate. Even if one of these entities does not participate, the cardholder is not prompted to enter the SecureCode. We wish all the credit issuing banks in the country implement this technology to make their cardholders to transact on e-commerce sites using secured passwords.
Recent Posts
- New Rupee Symbol in Word 2007 and Excel 2007
- Can you write in GConnect?
- Stress Management-Learn to say “No”
- Include Rupee symbol button in MS-Excel Worksheet
- Cabinet’s nod for raise in IT Exemption Limit
- Fresh List of approved private Hospitals and package rates under CGHS w.e.f. 01.09.2010
- Script to add New Rupee button in your computer
- Appointment of Halba Koshti/Halbi Koshti candidates against ST vacancies
10 Responses to “RBI ensures secured online credit card transactions”
Leave a Reply
Search GConnect
Subscribe
You can subscribe to receive email about latest updates in GConnect:
Subscribe through a RSS feed reader
Chatter Box
GC SMS Update
Want GConnect updates on your Mobile?
Subscribe to SMS alerts for FREE!
(Get a Gmail Account if you don't have one)
Padmanabhan said on Wednesday, July 15, 2009, 5:49
sir,
The procedure that cardholder must key in an extra security code to complete a online transaction is a very good idea.extra safety is a urgent need one .but i can not understand the dead line for registering your credit card before 1st August 2009.
thanking you,yours sincerely V.Padmanabhan,VCRC(ICMR) Pondicherry
Reply
Alok Chowdhury Reply:
June 14th, 2010 at 3:19 pm
I think the intended meaning of the report was to say that the new system would start working by Aug.1, 2009 and after which date online card transactions with our the PIN cannot be completed. Now that considerabe time has elapsed since Aug.1, my experience in this regard has been dissapointing.
Later on my SBI card was lost and was fraudulently swiped for a number huge transactions. Had the new security system been in place as directed by the RBI, many creditcard holders like me would be saved from grave finanial loss. Will any one advise me as to how to battle with a powerful entity like SBI for not being vigilant and for being tardy in its duty to implement RBI instructions in this matter? Further, I am seeking a copy of the RBI directive in question, and shall be thankful if anyone having access to it would kindly mail me a copy.
Reply
padmanabhan Reply:
June 17th, 2010 at 4:53 pm
sir, my suggestion is that to get the circular you can ask RBI under RTI the details of the steps taken by RBI in curbing fraudulent transaction. You might have given many representation to SBI so ask SBI under RTI the details of the action taken SBI in curbing fraudulentl trnsaction in net.thank you, yours sincerely V.Padmanabhan VCRC(ICMR) Pondicherry
Reply
padmanabhan Reply:
June 30th, 2010 at 9:39 pm
sir,
when i search google RBI regulations for on line credit card i got website RBI regulations for on line credit card then i found circular which i am attaching now.
RBI/2008-2009/387
RBI / DPSS No. 1501 / 02.14.003 / 2008-2009 February 18, 2009
The Chairman and Managing Director / Chief Executive Officers
All Scheduled Commercial Banks including RRBs /
Urban Co-operative Banks / State Co-operative Banks /.
District Central Co-operative Banks
Madam / Dear Sir
Credit/Debit Card transactions-
Security Issues and Risk mitigation measures
The use of Credit/Debit Cards has been increasing in the country. We have been reviewing various options to enhance the security of online card transactions. After extensive consultations with banks/card companies, it has been decided as under:
2. It would be mandatory to put in place with effect from August 01, 2009:
i) A system of providing for additional authentication/validation based on information not visible on the cards for all on-line card not present transactions except IVR transactions (for which separate instructions will follow).
ii) A system of ‘;Online Alerts’; to the cardholder for all ‘card not present’ transactions of the value of Rs. 5,000/ and above.
3. Banks are advised to strictly adhere to the instructions and time discipline indicated in this circular. Non-adherence to the directives shall attract penalties prescribed under the Payment and Settlement Systems Act 2007 (Act 51 of 2007).
4. This directive is issued under section 18 of Payment and Settlement Systems Act 2007, (Act 51 of 2007).
5. Please acknowledge receipt.
Yours faithfully
(G. Padmanabhan)
Chief General Manager
if you provide email i will send it as attach thank you, yours sincerely V.padmanabhan TO,VCRC (ICMR) Pondicherry
D M K Murthy said on Wednesday, July 15, 2009, 22:25
Dear Sir,
I do agree with the views of Mr.Padmanabhan entirely. It is high time to take immediate remedial action to avoid fraud. Extra PIN or Password is welcome.
Reply
K.bhattacharya said on Thursday, July 16, 2009, 22:42
Dear Sir,
Introduction of extra PIN or password is heartily welcomed. It can reduce the fraudulent transtions. but how the card holder may get from issuing authority.
Reply
A K PANDEY said on Tuesday, July 21, 2009, 23:39
Tata AIG has misused my card with the help of CITIBANK. It is very good step taken by RBI. TO PREVENT THE FRUD DONE BY THE BANKERS LIKE CITIBANK.
Reply
Payment Security Expert said on Wednesday, July 22, 2009, 11:43
RBI never sponsored or stated specific systems such as Verified by Visa or Mastercard UCAF/SPA in its directive. Before, the entire banking industry in India goes on this bandwagon, it is best to simply learn about the experience of cardholders and online merchants as it concerns these two systems.
Just google ” verified by visa 2009 ” or go to this link : http://www.boingboing.net/2009/03/28/verified-by-visa-bri.html.
VBV or UCAF/SPA static passwords can be easily phished. Once phished and used by fraudsters, it then makes it very difficult (not impossible) for the legitimate cardholder to dispute a fraudulent online payment made with his VBV or UCAF/SPA credentials.
On the other hand, fraudsters can easily collaborate and share each other’s VBV or UCAF/SPA credentials and then dispute the charges with the issuing banks. The issuing Banks can never prove that the cardholder’s static VBV or UCAF/SPA’s credentials were not phished or compromised.
Reply
Payment Security Expert said on Wednesday, July 22, 2009, 14:22
It surprises me that India, the world’s technical resource, would copy the errors made by Banks elsewhere in the world that tried introducing VBV or UCAF/SPA. It is relatively simple for anyone to do a google search on Verified by VISA and realize that it has not been successful in other parts of the world. At least banks in other parts of the world and online merchants were not mandated to implement these systems. Be wary of mandated systems. A good security system never needs to be mandated.
Reply
narayanan said on Tuesday, November 17, 2009, 9:45
ya its good, but if u use your visa/master card for online purchase it is asking for security code.If you buy anything using paypal through your card it is not asking for the security code.So for every purchase made by using your card,the security code should be mandated.
Reply