Card Not Present transactions - Relaxation in Additional Factor of Authentication for payments upto ₹ 2000/- for card network provided authentication solutions - RBI - Reserve Bank of India
Card Not Present transactions - Relaxation in Additional Factor of Authentication for payments upto ₹ 2000/- for card network provided authentication solutions
RBI/2016-17/172 December 6, 2016 The Chairman and Managing Director / Chief Executive Officer Madam/Sir, Card Not Present transactions – Relaxation in Additional Factor of Authentication for payments upto ₹ 2000/- for card network provided authentication solutions Reserve Bank of India has been taking a number of initiatives with the involvement of all stake holders to enhance safety and efficiency of the retail payment systems. In this regard, various instructions have been issued from time to time on security and risk mitigation measures involving card transactions, including directions on online alerts and additional factor of authentication. These measures have contributed to increased customer confidence in using card payments. 2. The Reserve Bank has been receiving requests from certain segments of the industry for reviewing the requirement of AFA for low value online card not present (CNP) transactions. As most of the requests were for merchant specific relaxations on AFA requirements, they were not appropriate at the system level. An alternate solution, provided by authorised card networks is expected to meet the objective of customer convenience with sufficient security for low value transactions. In this model, the card issuing banks will offer the “payment authentication solutions” of the respective card networks to their customers on an optional basis. Customers opting for this facility will go through a one-time registration process requiring entry of card details, etc. and AFA by the issuing bank. Thereafter, the registered customers will not be required to re-enter the card details for every transaction at merchant locations that offer this solution and thereby save time and effort. In this model, the card details already registered would be the first factor while the credentials used to login to the solution (as confirmed by the card network providing the solution) would be the additional factor of authentication. 3. Accordingly, the AFA requirement for transactions upto ₹ 2000/- for online CNP transactions for the ‘payment authentication solutions’ provided by authorised card networks with the participation of respective card issuing and acquiring banks is being relaxed, subject to:
4. Further, in the interest of customer awareness and protection, the banks and authorised card networks offering such solutions are also advised to:
5. The authorised card network operators, may also facilitate participation of cardholders from other authorised card networks, through appropriate network level arrangements / agreements. 6. This directive is issued under Section 10(2) read with Section 18 of Payment and Settlement Systems Act 2007 (Act 51 of 2007). Yours faithfully, (Nanda S. Dave) |