Topics In Demand
Notification
New

No notification found.

Blog
NASSCOM's Representation to RBI to defer and review the implementation of Circular on ‘Enhancing Security of Card Transactions’

September 30, 2020

483

0

Context

On 15 January 2020, the Reserve Bank of India (RBI) issued a circular on ‘Enhancing Security of Card Transactions’ (Circular). The circular mandates card issuers to: (a) issue cards which are enabled only for use at contact based points of usage (such as ATMs and POS devices) within India; (b) provide cardholders the facility to activate their cards for online (card  not  present  transactions (CNP)) and  contactless  transactions; and (c) disable existing credit and debit cards, which have never been used for online (CNP) / contactless transactions. 

The circular shall come into force from 30 September 2020.

Highlights NASSCOM’s Representation

  • We have requested RBI to extend the date of implementation of the Circular until the time the industry stabilizes from the impact of COVID-19.

This is a difficult period for the industry and there are many immediate issues, which needs to be taken care of. The industry is not in a position to put an appropriate framework in place, in order to comply with the norms provided in the Circular. We, therefore, requested RBI to provide immediate relief to the industry by extending the date of implementation of the Circular by six months.

  • While the intent is appropriate, these norms are likely to result in slowing of payments digitization and also leading to customer inconvenience. We highlighted some impacts to customers due to the implementation of the Circular:
  1. With restrictions being enforced, customers are likely to switch back to cash to avoid the process of applying for enablement of CNP transactions.
  2. As the Circular covers re-issuances, it would create high customer dissonance and inconvenience as he/she could have possibly set standing instructions per the previous card, which could fail for re-issued cards. These recurring transactions would fail due to the restrictions on online options.
  3. Customer inconvenience as they have to explicitly provide multiple inputs to enable all types of transactions via digital and/or analog channels. Same will need to be repeated every time a card is re-issued.
  • In order to address these challenges, we made the following suggestions:
  1. While the Circular highlights the security features to be enabled by card issuers, it is unclear how this will be implemented. For instance, many banks have started sending special message to its customers informing that some services are being discontinued on September 30 on their credit and debit cards. The customers have been asked to register separately for international, online and contactless card transactions. However, no clear instructions to do so has been sent to customers. Therefore, we recommend a clear implementation process to be laid out by RBI
    which should be followed by all card issuers.
  2. Considering that there is already a limit of Rs 2000/- for contact-less cards without PIN/OTP, card issuers (including banks) may be permitted to issue the cards with contactless transaction facility enabled as default, as it is today.
  3. Customers should be allowed to exercise their discretion in enabling or disabling transaction options based on individual usage and risk assessment, rather than having these functionalities restricted by default.
  • We have recommended the following elements to be kept out the purview of this regulation:
  1. Reissuances & upgrade of cards – customers with recurring payments setup should be allowed to continue with online and contactless payments options. Card issuers should ensure that the instructions set by customers are carried forward as is in a replacement/re-issue scenario.
  2. Existing cards.
  3. While the Prepaid gift cards and mass transit cards are already excluded; the Forex cards, Purchase Cards and Virtual cards should also be excluded, as most of the cards issued are for the restricted and controlled usage.
  4. Corporate credit cards as the liability rests with the corporate.
  5. Co-brand cards issued through co-brand partner interfaces, where the co-brand partner is allowed to obtain consent from the new cardholders at the time of card issuance (within their application) and communicate the cardholder’s activation request / preference to the card issuer.

In case of further clarification, please write to komal@nasscom.in.

 

 

 


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


images
Komal Gupta
Policy Analyst

Policy Professional| Former Tech and Business Journalist|

© Copyright nasscom. All Rights Reserved.