Big glitch in axis credit card

😱

Its fine...Its working as per rules

2FA is mandatory. 

1- PIN /biometric for the app or CVV

2. Mobile OTP

App like PayZapp wont even ask CVV for few cards..

working with wrong otp also?

While I do not have anything to support my argument but read somewhere they do it to save money.

Even cards to payzapp work with wrong cvv

I didn't get it bro? So you mean if I put in wrong CVV/Expiry but I use the right OTP transaction will go through??

If otherwise then I guess that's how all cards work as transactions only fail after putting in the OTP even if wrong cvv or expiry is used.

Only card no. is checked (by luhn algorithm I think) they can't verify CVV or expiry on that page.

First thing this is a known issue across all banks not to us or them but to banks and payment gateway /processers/card network ,but the issue is with payment gateway /payment processor related

First identification is via card no which is reported to banks for verification that's 1st factor authentication

Second factor authentication is OTP,here there are two types On us and off is transactions

In on us transaction Card network is bypassed by payment gateway /processers in association with banks to keep transaction off card network to save costs (read verified by visa etc)

In of us transaction you go through card network and always enter Otp on BANK payment page

In either way OTP is 2nd factor of authentication

So to prevent fraud or unauthorized transaction CVV and Expiry is embedded by card network as CARD NETWORK provides payment process to banks so they're responsibile for those liabilities...so it's nothing to do with banks or RBI OR any regulator

So second rung of responsibility lies with payment gateway but they're liable only to the extent of fraud on thier network...so that is also not bank or regulator concern...so here fault and liability is with CARD NETWORK &payment gateway but they are lax as they don't find it worth the effort or doesn't make business sense...so it's happening

The only saving grace is in domestic transactions OTP is 2nd factor authentication is necessary for transactions to go through...but for int transactions that is a big threat

Here comes the debit card /credit card differentiation where DEBIT CARD transactions aren't easily reversible and most debit cards doesn't come with card purchase protection or the card unauthorized card protection

While most credit cards comes with protection and as transaction settlement is on the books of financial Institutions it is easily reversable

So for consumers it's imp to keep this in mind while transacting via cards

So keep your sim /mobile device /Otp safe along with key card details along with other sensitive acc details +keep an eye on transactions or balance in acc on regular basis and always report unauthorised transaction asap

Second imp thing is to better turnoff the transaction levers or atleast keep limits as low as possible this should be followed strictly in DEBIT CARDS and especially for INTERNATIONAL TRANSACTION controls

I have put incorrect cvv but still the otp comes . So otp is the main factor

OTP regulation is directed by RBI only.

It is not required in International Transactions, so disable it, if not needed. Or, enable only when needed.

There are options to raise charge back, if transactions not entered by you.