Bingo! RBI Mulls 2 Factor Authentication For Transactions Below INR 2000

Bingo! RBI Mulls 2 Factor Authentication For Transactions Below INR 2000

In a bid to make online transactions easier, Reserve Bank of India (RBI) has come out with a circular which states that it has removed the much restrictive two-factor authentication for transactions under INR 2,000.

After examining the trade-off between security and convenience, RBI announced that they have now removed requirement of Additional Factor of Authentication for small value card present transactions. However, relaxation of the norms applied only to ‘card present’ transactions where near-field communication (NFC) technology is used.

The ATM transactions where the card is not present will continue to require the additional factor of authentication, a PIN or one-time password.

RBI in its draft circular said, “It has been decided to relax the extant instructions relating to the need for additional factor of authentication requirements for small value card present transactions only using contact-less card payments using NFC.”

At present, a customer has to key-in the personal identification number (PIN) for authenticating every transaction. If the draft circular gets implemented, customers using contactless cards will not have to key in the PIN for transaction up to INR 2,000.

The RBI has advised banks to explain to customers the NFC technology, its use, risks and also the maximum liability devolving on the customer, and also to put in place a robust mechanism to report of loss or stealing of cards.

It is to be noted that the ecommerce firms have been pitching to remove the two-factor authentication for small value transactions.

Here is the complete circular:

Reserve Bank of India has issued various instructions on security of card transactions and risk mitigation measures, including directions on online alerts as well as on additional factor of authentication. This has resulted in strengthening both card present (CP) and card not present (CNP) transactions. The measures have significantly reduced the misuse of cards.

  1. Of late, the Reserve Bank has been receiving requests from customers and entities in certain niche segments indicating the need to foster innovative payment products / processes and for enhancing the convenience factor in certain use cases / type of transactions without the need for having the mandatory additional factor of authentication (AFA).
  2. The requests have been examined from the perspective of the trade-off between security and convenience in card transactions and need for relaxation in extant instructions with suitable safeguards to protect customer interest in light of availability of new technologies. One such technology is that of Near Field Communication (NFC) which is used in contactless cards .The contactless cards are chip card which provides security as well as convenience.
  3. Accordingly, it has been decided to relax the extant instructions relating to the need for additional factor of authentication requirements for small value card present transactions only usingcontact-less card payments using NFC. In this regard, it is advised that –
  1. Relaxation for AFA requirement is permitted for transactions for a maximum value of Rs 2,000/- per transaction; banks are free to set lower per transaction limits.
  2. the contactless cards should necessarily adhere to EMV standards.
  3. Suitable velocity checks (daily, monthly, etc) shall be put in place by banks as agreed upon by the customer.
  4. for transaction value above the threshold limit of Rs 2000/- PIN (AFA) will be mandatory.
  1. Further, in the interest of customer protection the banks are also advised:
  1. to clearly explain to customers about the technology, its use, risks and liability while issuing contact less/ NFC cards.
  2. to clearly indicate the maximum liability devolving on the customer, if any, at the time of issuance of such cards, along with the responsibility of the customer to report the loss of such cards to the bank immediately through multiple channels made available by the bank.
  3. to put in place robust mechanisms for seamless reporting of lost/stolen cards which can be accessed through multiple channels (website, phone banking, SMS, IVR etc.).
  1. However, it may be noted that the above relaxations shall not apply to:
  1. ATM transactions irrespective of transaction value.
  2. Card not Present transactions(CNP).
  1. The directive is issued under Section 10(2) read with Section 18 of Payment and Settlement Systems Act 2007 (Act 51 of 2007).

Recently, the Delhi-based ecommerce firm, Snapdeal has also pitched for single-factor authentication regime for small value transactions, starting initially with a cap of INR 3,000. Earlier on August 22, 2014, the RBI had issued a circular requiring every credit card transaction made with an Indian credit card to include two-factor authentication and had made it mandatory starting from December 2014.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Bingo! RBI Mulls 2 Factor Authentication For Transactions Below INR 2000-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Bingo! RBI Mulls 2 Factor Authentication For Transactions Below INR 2000-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Bingo! RBI Mulls 2 Factor Authentication For Transactions Below INR 2000-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Bingo! RBI Mulls 2 Factor Authentication For Transactions Below INR 2000-Inc42 Media
Bingo! RBI Mulls 2 Factor Authentication For Transactions Below INR 2000-Inc42 Media
You’re in Good company