RBI restricts card usage, suggests caps due to frauds
MUMBAI, Mar 01, 2013 (Mint - McClatchy-Tribune Information Services via COMTEX) --
The Reserve Bank of India (RBI) on Thursday said all new debit and credit cards should be issued only for domestic usage unless a customer specifically asks for international transaction rights.
Besides, any card that has a magnetic strip instead of the chip technology and had been used at least once for an international transaction, either physically or online, should be replaced by 30 June with a chip-based card, it said.
The regulator was forced to issue these new guidelines after instances of credit card frauds rose sharply in the last two months mainly in international transactions.
RBI said it is initiating these measures as cyber-attacks are "more unpredictable and electronic payment systems becoming vulnerable to new types of misuse."
"All the active Magstripe international cards issued by banks should have threshold limit for international usage," the banking regulator said in a notification, adding that the threshold should be determined by the banks based on the risk profile of the customer and accepted by the customer.
"Till such time this process is completed an omnibus threshold limit (say, not exceeding $500) as determined by each bank may be put in place for all debit cards and all credit cards that have not been used for international transactions in the past," RBI said.
RBI also said banks should provide easier methods like text messages for the customer to block a misused card and get a confirmation to that effect after blocking the card.
On 8 February, RBI deputy governor Anand Sinha told news agency Press Trust of India in Mumbai that instances of credit card fraud being reported were "of high magnitude".
Various explanations have been proffered for the increase in instances of card fraud, including the fact that most overseas websites do not insist on either CVV or the additional "secure" layer. However, banks and payment companies could not pin point the exact reason for the sudden rise in frauds.
The recent rise in credit card frauds involving Indian customers was due to a combination of skimming of cards and phishing attacks on e-commerce websites, Uttam Nayak, group country manager India and South Asia, Visa Inc., said on 20 February.
"We believe these could be the reasons because of which data was compromised though we are still looking into it. There have been more than normal frauds in the last few months. But we have to be prepared because fraudsters are going to get smarter as the economy grows," Nayak said.
The central bank also issued guidelines for transfer of money online through the Real Time Gross Settlement System (RTGS), National Electronic Fund Transfer (NEFT) and Interbank Mobile Payment System (IMPS), asking banks to provide customers the option to fix a cap on either value, mode or number of beneficiaries.
"Limit on the number of beneficiaries that may be added in a day per account could be considered. A system of alert may be introduced when a beneficiary is added," RBI said.
"Introduction of additional factor of authentication (preferably dynamic in nature) for such payment transactions should be considered. The banks may consider implementation of digital signature for large value payments for all customers, to start with for RTGS transactions. Capturing of Internet Protocol (IP) address as an additional validation check should be considered," RBI said, adding that the new measures on online money transfers should be put in place by 30 June.
___ (c)2013 the Mint (New Delhi) Visit the Mint (New Delhi) at www.livemint.com
Distributed by MCT Information Services
[ InfoTech Spotlight's Homepage ]