All transactions involving domestic credit cards must necessarily conform to additional authentication or validation process as mandated under the rules.
Asserting this, the Reserve Bank India (RBI) has made it clear that the two-step authentication process is a must even for ‘card not present transactions’. The toughening RBI stance on two-step authentication process is primarily aimed to set right an unintended wrong arising out of the so-called customer-friendly payment model followed by certain service providers. By doing so, they have managed to give the two-step authentication requirement a slip. According to the RBI, however, this is resulting in foreign exchange outflow.
Merchant transactions for sale of goods and services between two residents in India must be settled in India. The problem arises if these transactions are acquired by banks located overseas. This happens when the service provider is linked to an overseas website or a payment gateway. Typically, a service user just swipes the card. And, the service provider doesn’t get the money from the user. But he gets it from the payment gateway provider, that is, banks. Since these service providers use overseas payment gateway, they get their payment from a bank located overseas. The overseas bank retains a fee for providing payment gateway, and remits the balance through its Indian subsidiary to the local service provider. According to the RBI, “this is not acceptable as this is in violation of the requirements under the Foreign Exchange Management Act, 1999.’’
Under the business models followed by certain service providers, payments to them are directly processed using the customer’s stored credit card information in a simple process. This has effectively ensured that there is no monetary exchange between the service user and provider.
The non-adherence to the two-step authentication process has made the field uneven for players especially in fields such as taxi operation. Frequent taxi users among credit card holders will prefer a cab provider who accepts a hassle-free payment process.
“It has come to our notice instances of card not present transactions being effected without the additional authentication even where the underlying transactions are essentially taking place between two residents in India,’’ the apex bank said. The RBI has given the ‘violating service providers’ time till October 31 to comply with its directive. This will have far-reaching implications for all transactions involving e-commerce, it is pointed out.