In a move that will make it easier for cab aggregators like Uber and Ola and other online merchants to accept cards, the RBI has relaxed two-factor authentication for online payments below Rs 2,000.
The RBI's insistence on a second factor authentication (in the form of a
one-time password, or OTP) had prompted cab aggregators to tie up with
digital wallets like Paytm. While customers can even now pay by card,
they need to wait for a text message containing the OTP before
concluding the transaction.In future, if they register with the
merchant, they can complete the payment by entering a password
authenticated by the card network.
The RBI had earlier relaxed the second factor authentication requirement
for transactions in shops using near field communication (NFC) or
contactless cards. According to Vijay Jasuja, MD & CEO, SBI Cards,
there had been a representation from the industry to relax the
two-factor authentication norms for low-value transactions.
Amit Jain, president, Uber India, said, "This waiver is a big leap in
the right direction to bring ease and convenience to the use of cards
over cash and will strengthen the foundation for a leading digital
economy."
In its circular issued on Tuesday, the RBI said that it has been
receiving requests from certain segments of the industry for reviewing
the requirement of additional factor authentication for low-value online
card-not-present (CNP) transactions. The RBI said that it was not happy
with merchant-specific solutions as an alternative. But a solution by
card networks (Visa ,MasterCard, RuPay) is expected to meet the
objective of customer convenience with sufficient security for low-value
transactions.
The network-provided solutions include Visa Checkout and Mastercard's
Masterpass. Customers opting for this facility will go through a
one-time registration process, requiring entry of card details and
additional factor authentication by the issuing bank. In this model, the
card details already registered would be the first factor while the
network-provided password would be the additional factor of
authentication.
"This is a very elegant solution as it will prevent dropout of
transactions without diluting the security of the payment architecture,"
said TR Ramachandran, country head, Visa.
Source :The Economic Times