RBI/2009-2010/420
RBI / DPSS No. 2303 / 02.14.003 / 2009-2010

April 23, 2010

The Chairman and Managing Director / Chief Executive Officers
All Scheduled Commercial Banks including RRBs /
Urban Co-operative Banks / State Co-operative Banks /
District Central Co-operative Banks

Madam / Dear Sir,

Credit/Debit Card transactions- Security Issues and Risk mitigation measures for IVR transactions.

Please refer to our circular RBI/DPSS/No.1501/02.14.003/2008-2009 dated February 18, 2009, wherein a directive was issued making it mandatory for banks to put in place additional authentication/validation based on information not visible on the cards for all on-line card not present (CNP) transactions except IVR transactions.

2. After extensive deliberations with the banks/card companies it has been decided to extend this requirement of additional authentication/validation to all CNP transactions including IVR transactions. Accordingly, banks are advised to implement the contents of the above circular to all CNP transactions with effect from January 01, 2011.

3. These Directions are issued by the Reserve Bank of India, in exercise of the powers conferred by Section 18 of the Payment and Settlement Systems Act, 2007 (Act 51 of 2007). Banks are advised to strictly adhere to the instructions and time discipline indicated in this circular. Non-adherence to the directions shall attract penalties prescribed under the Act.

4. Please acknowledge receipt.

Yours faithfully

(G. Padmanabhan)
Chief General Manager