NASSCOM’s Representation to RBI to defer and review the implementation of RBI Circular on ‘Enhancing Security of Card Transactions’
Blog: NASSCOM Official Blog
On 15 January 2020, the Reserve Bank of India (RBI) issued a circular on ‘Enhancing Security of Card Transactions’ (Circular). The circular mandates card issuers to: (a) issue cards which are enabled only for use at contact based points of usage (such as ATMs and POS devices) within India; (b) provide cardholders the facility to activate their cards for online (card not present transactions (CNP)) and contactless transactions; and (c) disable existing credit and debit cards, which have never been used for online (CNP) / contactless transactions.
The circular shall come into force from 30 September 2020.
Highlights NASSCOM’s Representation
- We have requested RBI to extend the date of implementation of the Circular until the time the industry stabilizes from the impact of COVID-19.
This is a difficult period for the industry and there are many immediate issues, which needs to be taken care of. The industry is not in a position to put an appropriate framework in place, in order to comply with the norms provided in the Circular. We, therefore, requested RBI to provide immediate relief to the industry by extending the date of implementation of the Circular by six months.
- While the intent is appropriate, these norms are likely to result in slowing of payments digitization and also leading to customer inconvenience. We highlighted some impacts to customers due to the implementation of the Circular:
- With restrictions being enforced, customers are likely to switch back to cash to avoid the process of applying for enablement of CNP transactions.
- As the Circular covers re-issuances, it would create high customer dissonance and inconvenience as he/she could have possibly set standing instructions per the previous card, which could fail for re-issued cards. These recurring transactions would fail due to the restrictions on online options.
- Customer inconvenience as they have to explicitly provide multiple inputs to enable all types of transactions via digital and/or analog channels. Same will need to be repeated every time a card is re-issued.
- In order to address these challenges, we made the following suggestions:
- While the Circular highlights the security features to be enabled by card issuers, it is unclear how this will be implemented. For instance, many banks have started sending special message to its customers informing that some services are being discontinued on September 30 on their credit and debit cards. The customers have been asked to register separately for international, online and contactless card transactions. However, no clear instructions to do so has been sent to customers. Therefore, we recommend a clear implementation process to be laid out by RBI
which should be followed by all card issuers.
- Considering that there is already a limit of Rs 2000/- for contact-less cards without PIN/OTP, card issuers (including banks) may be permitted to issue the cards with contactless transaction facility enabled as default, as it is today.
- Customers should be allowed to exercise their discretion in enabling or disabling transaction options based on individual usage and risk assessment, rather than having these functionalities restricted by default.
- We have recommended the following elements to be kept out the purview of this regulation:
- Reissuances & upgrade of cards – customers with recurring payments setup should be allowed to continue with online and contactless payments options. Card issuers should ensure that the instructions set by customers are carried forward as is in a replacement/re-issue scenario.
- Existing cards.
- While the Prepaid gift cards and mass transit cards are already excluded; the Forex cards, Purchase Cards and Virtual cards should also be excluded, as most of the cards issued are for the restricted and controlled usage.
- Corporate credit cards as the liability rests with the corporate.
- Co-brand cards issued through co-brand partner interfaces, where the co-brand partner is allowed to obtain consent from the new cardholders at the time of card issuance (within their application) and communicate the cardholder’s activation request / preference to the card issuer.
In case of further clarification, please write to firstname.lastname@example.org.
The post NASSCOM’s Representation to RBI to defer and review the implementation of RBI Circular on ‘Enhancing Security of Card Transactions’ appeared first on NASSCOM Community |The Official Community of Indian IT Industry.