RBI tightens security measures for the online shopping ride!For online shopping, additional authentication pass code to be verified by VISA or MSC from August 1, 2009 onwards.
10 Aug 2009
A recent directive from RBI makes it having an additional authentication pass code verified by VISA or MSC (Master Secure Code) mandatory. This is over and above what is visible on your card. This is in effect from August 1, 2009 onwards.
Let's see what all it entails for the banks, customers and e-commerce players
Indeed it means extra security for customers thus making online shopping safer, for banks, it is extra security blanket to curb misuse of card while shopping on line and additional work of issuing these pass codes and for e commerce players, impacting business, owing to additional authentication steps with which customers will take a while to acquaint.
So all you shopaholics, watch out! Come August 1 and you make an online transaction, you will have to enter this additional password given by the merchant. This is commonly known as VBV - Verified by Visa or MSC - MasterCard SecureCode. This additional security will known only to the card holder so in case even if someone takes your card number he will not be able to use it online for the want of PIN which you only know.
A call to HDFC bank's call center revealed that they already have system called NetSafe in place which generates a code which can be used only one time, besides there is virtual key board that enhances the security if one is shopping from public PC. The directive which was issued by RBI in February 2009 comes in force from August 1, not only this, the directive also mandates a system of online alerts to the card holder for all Card not Present transactions if it exceeds the amount of Rs. 5000. The circular adds that banks would be penalised for non-adherence to the directive under the Payment and Settlement Systems Act 2007.
So the next question which crossed my mind, how all this is going to function?
The person in HDFC bank branch was kind enough to explain the questions posed by the curious customer like me obviously oblivious of the larger purpose to provide fodder for my article.
He said, once your card is activated with the Verified by Visa / Master Secure service, your card number will be recognized whenever you make an electronic payment. After you provide your credit card details online, you will be redirected to your issuer website and then required to specify your Verified by Visa / Master Secure authentication details. Your identity will be verified, and the transaction will be completed. Based on the authentication provided by your issuer, the transaction will be processed and you will get a confirmation.
According to HSBC Bank, any online purchase made, at such a registered merchant with your HSBC credit card will be declined if you have not yet registered the card for HSBC's Secure Online Payment Service. However, so as not to cause you any inconvenience for purchases that one makes before registration, HSBC will exceptionally process the payment through a secure conditional authentication upon successful verification of customer's personal information. But bank stresses that customers register with SecurePay to ensure the maximum protection from online credit card fraud.
SBI Cards already have a process in place and it only processes transactions that are verified by a separate password. Now the customers will be required to create a password that they would have to enter when transacting online. SBI Card has gone live with these measures on July 1. However, customers have been given some leeway and can do up to three transactions without a password. Most foreign lenders including Citibank already require customers to have an I-PIN before they can use their credit cards to transact online.
The additional security blanket provided by RBI will certainly prove a milestone in curbing the online fraud prevalent in the country,l so countrymen can breathe easy now.
Besides as an On line shopholic you take few more measures to make your shopping more enjoyable like keeping your computer secure and the access to it, avoid sending credit card or account details by e-mail, reject any email that asks you to follow a link to website and input account details for verification - even if the website looks authentic and make sure you log out of your online account when finished - especially at work and net cafes.
Oh yeamost banks are offering this facility online, in case your bank is not, then call customer care.
You will go a long way this way