A new RBI circular might turn out to be another big blow for a lot of Indian E-commerce companies and Startups, not to mention also cause a lot of frustration and inconvenience for the general public as well.
After discussions with Banks, the RBI had issued the guidelines via Circular dated 28.02.2013 on “Security and Risk Mitigation Measures for Electronic Payment Transactions”.
Here’s a quick summary of the new changes:
1.) All new Debit/Credit cards issued by banks will allow usage in India only. If the customer wants to carry out international usage, the cards will have a EMV chip embedded on the card and will be pin enabled.
2.) For existing Debit and Credit card customers, the issuing bank will need to convert the older cards (the ones with the traditional magstrip) into EMV chip and pin enabled ones (this will be done for users who have used their cards internationally atleast once before). The process will be required to be completed by June 30th 2013.
3.) Banks will put a threshold limit on international usage beyond which users will not be able to spend. The limit will be decided by Bank based on the risk profile of user. This process also needs to be completed by June 30th 2013 by the banks.
4.) Banks need to ensure that all terminals that accept card swiping should be certified for PCI-DSS (Payment Card Industry – Data Security Standards) and PA-DSS (Payment Applications – Data Security Standards). The process needs to be completed by June 30th 2013.
Apart from these new rules, RBI has also directed Banks to frame rules to ensure that cyber fraud is eliminated from the system. Banks will need to analyze patterns of usage and move towards real-time fraud monitoring systems. Banks are also directed to provide easier methods to users to block their cards immediately, eg. via SMS.
You can go through the rest of the circular here.
How these changes will affect the average Card user:
Although, the percentage of Banking Cyber Frauds have reduced over past 4 years, it is still quite high and many consumers end up loosing lot of money to it. Reserve Bank of India has recently announced changes in the Debit/Credit Card issuance and usage to curb cyber security frauds.
These changes may end up reducing the frauds and encourage the average consumer to feel a lot more safer while transacting online, but at the same time it will cause lot of inconvenience to users, especially to those who make purchases on international e-commerce sites. Not to mention the increase in number of steps to complete an order successfully.
The changes proposed by RBI are great with respect to arresting cyber fraud cases, however, it will also make it very difficult for users to use their card outside India, especially when it comes to electronic purchases. The biggest problem is because these rules apply to Credit cards as well. Most international debit cards issued by Indian Banks could not be used on international sites even now, but Credit cards were accepted. Now, even CCs may not work!
With all international cards now being enabled for EMV Chip and pin, it will not be possible to use them online (this is extra layer of security, where user will have to input pin number after usage of card) as most of the online merchants will not have a facility to input pin during process of payment authentication.
How these changes will affect Start-Ups & Indian E-Commerce:
As happens everytime a rule like this is passed by RBI, start-ups will have to re-implement their payment systems, minimize cart abandonment rates, switch payment gateway providers and go through a number of other hassles. Imagine how long a process a user will have to go through to just purchase a small item online.
Instead of payment solutions becoming simpler, things keep getting worse for the Indian e-commerce sector. The implementation of 3d-secure for using credit cards online, banning the domestic operations of Paypal in India and imposing international restrictions, disallowing subscription services and payments via credit cards have made it even more harder for the struggling start-ups to come up with effective pricing for their products.
These rules have left no room for any disruptions or innovative services in the field of payment processing in India. On the contrary, startups in the US in the same field have been booming and have further encouraged innovative services like Square, Dwolla, Stripe, etc.
What do you guys have to say about this? Do you think these new rules are fair? Share your views in the comments below.