CREDIT card frauds through online transactions may soon see a dramatic decline. From August 2009, banks will clear online card transactions only after they are authenticated by a separate password. The Reserve Bank of India has also made it mandatory for banks to send SMS and online alerts for all online transactions exceeding Rs 5,000.
The central bank will also shortly prescribe security measures to be employed for card usage in interactive voice response (IVR) transactions, where cardholders punch in their card details into the telephone to make payments.
At present, anyone who has access to information printed on credit cards, such as the card number and the Credit Verification Value number, can misuse the card online. This loophole will now soon be blocked. With the increased use of credit and debit cards in the country, RBI has been reviewing various options to enhance the security of online transactions.
After consulting with banks and card companies, the RBI has decided to make an additional online authentication compulsory for all banks. “It would be mandatory to put in place with effect from August 2009 a system of providing for additional authentication/validation based on information not visible on the cards for all online card not present transactions,” the RBI said, in a circular issued to all banks.
IT experts have been highlighting this security risk for a long time now. Some banks have already put in place a credit card verification process for online transactions. Now, with the passage of the Payment and Settlement Systems Act, 2007, the central bank has got the power to regulate all online transactions.
In the same circular, the RBI has asked banks to provide customers with online alerts on every transactions over Rs 5,000 where the card is not required to be presented physically. The directive on online verification has been issued under Section 18 of the Payment and Settlement Systems Act, 2007.
Section 18 of the Act gives the RBI broad-based powers to give directions to “system providers or the system participants or any other person either generally or to any such agency and in particular, pertaining to the conduct of business relating to payment systems”. These orders can be given by the RBI if it is satisfied that it is in public interest.
Posts
