Two-step authentication must for credit cards: RBI

August 23, 2014 11:46 pm | Updated November 18, 2016 01:27 am IST - CHENNAI

All transactions involving domestic credit cards must necessarily conform to the additional authentication or validation process mandated under the rules.

Asserting this, the Reserve Bank of India (RBI) has made it clear that the two-step authentication process is a must even for ‘card not present transactions’. The toughening RBI stance on the two-step authentication process is primarily aimed at setting right an unintended wrong arising out of the so-called customer-friendly payment model followed by certain service providers. With this model, they have managed to give the two-step authentication requirement the slip. According to the RBI, however, this is resulting in foreign exchange outflow.

Merchant transactions for the sale of goods and services between two residents in India must be settled in India. The problem arises if these transactions are acquired by banks located overseas. This happens when the service provider is linked to an overseas website or a payment gateway. Typically, a service user just swipes the card, and the service provider doesn’t get the money from the user. Instead, the provider gets it from the payment gateway provider, that is, banks. Since these service providers use an overseas payment gateway, they get their payment from a bank located overseas. The overseas bank retains a fee for providing the payment gateway, and remits the balance through its Indian subsidiary to the local service provider. According to the RBI, “this is not acceptable as this is in violation of the requirements under the Foreign Exchange Management Act, 1999.”

Under the business models followed by certain service providers, payments to them are directly processed using the customer’s stored credit card information in a simple process. This has effectively ensured that there is no monetary exchange between the service user and provider.

The non-adherence to the two-step authentication process has made the field uneven for players especially in fields such as taxi operation. Frequent taxi users among credit card holders will prefer a cab provider who accepts a hassle-free payment process.

“It has come to our notice instances of card not present transactions being effected without the additional authentication even where the underlying transactions are essentially taking place between two residents in India,” the apex bank said. The RBI has given the ‘violating service providers’ time till October 31 to comply with its directive. This will have far-reaching implications for all transactions involving e-commerce, it is pointed out.
