From now, no OTP will be required for payments under Rs 2,000

Deal Subedar
RichSoul
In a move that will make it easier for cab aggregators like Uber and Ola and other online merchants to accept cards, the RBI has relaxed two-factor authentication for online payments below Rs 2,000. The RBI's insistence on a second factor authentication (in the form of a one-time password, or OTP) had prompted cab aggregators to tie up with digital wallets like Paytm. While customers can even now pay by card, they need to wait for a text message containing the OTP before concluding the transaction. In future, if they register with the merchant, they can complete the payment by entering a password authenticated by the card network.

The RBI had earlier relaxed the second factor authentication requirement for transactions in shops using near field communication (NFC) or contactless cards. According to Vijay Jasuja, MD & CEO, SBI Cards, there had been a representation from the industry to relax the two-factor authentication norms for low-value transactions. Amit Jain, president, Uber India, said, "This waiver is a big leap in the right direction to bring ease and convenience to the use of cards over cash and will strengthen the foundation for a leading digital economy."

In its circular issued on Tuesday, the RBI said that it has been receiving requests from certain segments of the industry for reviewing the requirement of additional factor authentication for low-value online card-not-present (CNP) transactions. The RBI said that it was not happy with merchant-specific solutions as an alternative. But a solution by card networks (Visa, MasterCard, RuPay) is expected to meet the objective of customer convenience with sufficient security for low-value transactions. The network-provided solutions include Visa Checkout and Mastercard's Masterpass.

Customers opting for this facility will go through a one-time registration process, requiring entry of card details and additional factor authentication by the issuing bank. In this model, the card details already registered would be the first factor while the network-provided password would be the additional factor of authentication. "This is a very elegant solution as it will prevent dropout of transactions without diluting the security of the payment architecture," said TR Ramachandran, country head, Visa.

Source - http://economictimes.indiatimes.com/news/econom...

Deal Subedar

We don’t have to load Paytm for Uber anymore. More card offers on Uber are on the way!

Deal Subedar

Is it only for Uber, Paytm and Ola, or for all sites, and only for debit cards? What about security? I know frauds have called me many times with all the card details except the OTP. So now they can use the hacked card without the OTP. I don’t understand why.

Deal Subedar

They can complete the payment by entering a password authenticated by the card network. So nothing is gonna change for many of us, as some banks already allow the use of either the OTP or a transaction password, known as the Mastercard SecureCode/VBV code.

Pro Entertainer

Understanding the RBI’s removal of 2FA for transactions under Rs 2,000

Card payment companies have finally got what they’ve been asking for: To boost online transactions through cards, the Reserve Bank of India (RBI) has removed the additional factor of authentication (AFA) for payments up to Rs 2,000. However, for this model, card issuing banks will have to offer the payment authentication solutions of the respective card networks to their customers on an optional basis.

Customers opting for this facility will go through a one-time registration process requiring entry of card details, etc. and AFA by the issuing bank. Thereafter, the registered customers will not be required to re-enter the card details for every transaction at merchant locations that offer this solution.

In this model, the card details already registered would be the first factor of authentication. The credentials used to login to the solution (as confirmed by the card network providing the solution) would be the additional factor of authentication.

MasterCard has a payment authentication solution in the form of MasterCard SecureCode, while Visa has a similar offering via Visa Checkout. No word from RuPay regarding such a service yet.

However, it is unclear if a customer will always be logged into these payment authentication solutions or if they have to enter a password to authenticate the transaction. We have contacted MasterCard and several banks regarding this and will update once we hear from them.

Does this mean there can be an auto-debit from a card?
Many international online services, such as Netflix, allow auto-debit without a second factor of authentication, because they use a foreign payment gateway and don’t have to comply with Indian norms. The changed norms announced by the RBI do mean that the same option will work for Indian payment gateways. So, for example, customers will still have to enter their three-digit CVV number to process the payment for a ride on Uber. The RBI’s new rule only eliminates the need to enter the OTP sent by a bank to authenticate a transaction, or the usage of Verified by Visa or 3D Secure.

Note that payment gateway PayU Biz has a solution which will process card payments without the customer needing their CVV number. Under the PCI-DSS rules (a set of international compliance norms), CVV numbers cannot be stored by a payment gateway. PayU, however, said that it does not store customers’ CVV numbers, declined to give details on how the company managed to work around entering the CVV, and said that it is patent pending.

How it worked earlier

Earlier, to process card-not-present transactions, here were the steps a customer had to enter:

– Enter card details if it is not stored by a service.
– Enter CVV number.
– To process checkout, the payment gateway would route the customer to a bank’s page where an OTP would be generated by the bank. Else a customer would need to enter a password which would be authenticated by a card network such as Visa and MasterCard.
– Customer would then be redirected to the merchant’s page to get a confirmation.

Opinion:
1. A prudent approach: The RBI seems to have taken a prudent approach which, at the moment, seems to appease all the parties involved. Customers will be happy as this is an opt-in approach and online merchants will have to take explicit consent.

2. CVV is the customer’s only line of defence in this mechanism

Remember 2FA is based on the following security principle:

– First factor of authentication is what a customer has (card number)
– Second factor of authentication is what a customer knows (in this case, a password)

Many websites and mobile services have auto-logins, and if a phone gets compromised, the CVV number (which only a customer knows) is the only defence against fraudulent transactions. As such, PayU Biz’s CVV-less transaction solution undermines the security of a customer.

Critic

NO SIR!

This is a very PRUDENT approach (they haven’t forgotten to mention it twice to pat their own back)
and
This is a very ELEGANT solution (the babudom still plagues this country, never question the ‘afsar’ saab… he is smarter than you)
