RBI makes it mandatory for banks to provide additional authentication for online shopping
According to a new ruling, the Reserve bank of India -RBI has made it mandatory for all banks issuing credit and debit cards to provide additional authentication information over and above what is visible on the card. To prevent fraud and to make online shopping safer, the RBI has made it mandatory, from 1st August onwards, for all online 
transactions to have increased security via registering each and every card with its respective merchant. This means that every time you make an online transaction you will have to enter this additional password given by the merchant. This is commonly known as VBV – Verified by Visa or MSC – MasterCard SecureCode
I bank with HDFC and I can vouch that they already have certain systems like NetSafe which generates a code which can be used only one time, along with that there is virtual keyboard that enhances the security if you are using a public computer. I am sure other major Indian private sector banks Like ICICI and Kotak would also have such systems in place. This new ruling will add an entirely new dimension to online security and as per the directive issued by the RBI on February 18, also mandates a system of online alerts to the cardholder for all ‘card not present’ transactions that exceed Rs 5,000. The circular adds that banks would be penalised for non-adherence to the directive under the Payment and Settlement Systems Act 2007.
How will VBV /MSC work:
Once your card is activated with the Verified by Visa / Master Secure service, your card number will be recognized whenever you make an electronic payment. After you provide your credit card details online, you will be redirected to your issuer website and then required to specify your Verified by Visa / Master Secure authentication details. Your identity will be verified, and the transaction will be completed. Based on the authentication provided by your issuer, the transaction will be processed & you will get a confirmation. View the demo of how VBV/MSC work
How can you get VBV or MSC password:
- HDFC Bank
- ICICI Bank
- Citibank
- HSBC Bank
- Standard Chartered
- Deutsche Bank
- State Bank of India
- Axis Bank
- ABN Amro
With successful implementation of this enhanced security system people can breathe easy while swiping their credit cards at various establishments like restaurants, petrol pumps and areas like grocery stores without any fear as credit number, expiry date and CVV number will not be enough to make fraudulent transactions online.
No related posts.
Related posts brought to you by Yet Another Related Posts Plugin.
If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
Comments
Hi fellow blogger
Thanks for showing interest in Blogathon on IndiBlogger Forums. To make things easier, we have created a blog, BLOG-A-TON (link: http://blog-a-ton.blogspot.com/ ) through which you can stay updated about the event.
So hurry up and start following it to participate in further discussions and stay updated always.
Looking forward to your support.
Lets Blog:)
RBI never sponsored or stated specific systems such as Verified by Visa or Mastercard UCAF/SPA in its directive. Before, the entire banking industry in India goes on this bandwagon, it is best to simply learn about the experience of cardholders and online merchants as it concerns these two systems.
Just google " verified by visa 2009 " or go to this link : http://www.boingboing.net/2009/03/28/verified-by-...
VBV or UCAF/SPA static passwords can be easily phished. Once phished and used by fraudsters, it then makes it very difficult (not impossible) for the legitimate cardholder to dispute a fraudulent online payment made with his VBV or UCAF/SPA credentials.
On the other hand, fraudsters can easily collaborate and share each other's VBV or UCAF/SPA credentials and then dispute the charges with the issuing banks. The issuing Banks can never prove that the cardholder's static VBV or UCAF/SPA's credentials were not phished or compromised.
HDFC's one time code, is not a one-time code but a one-time use visa or mastercard number. These one time use card numbers are good but it does not protect the real card number. Some online merchants also do not accept these one-time card numbers since they do require the presentation of the actual card (number) to retrieve an airline or train ticket, for example.
Thank you for showing the other side of the coin. i hope the team responsible for this directive is aware about the same and takes corrective actions while implementing this for all cards. Having said these activities are left to the corporates like banks and other online merchants to advise their customers to authenticate their cards. As you rightly pointed out this system will help banks interest as the end user will have virtually no options left to claim a fraud. we will have to wait and watch the result of implementing this policy.
It surprises me that India, the world’s technical resource, would copy the errors made by Banks elsewhere in the world that tried introducing VBV or UCAF/SPA. It is relatively simple for anyone to do a google search on Verified by VISA and realize that it has not been successful in other parts of the world.
At least banks in other parts of the world and online merchants were not mandated to implement these systems. Be wary of mandated systems. A good security system never needs to be mandated.
Are Amazon or Paypal accept transactions which needs additional security, I think no. Then what happens to any person who wants to buy something through these sites? ( Or this is to encourage made in India produces?)
Have anyone thought over this before giving kudos to this initiative?
To me, this initiative will stagnate many of the export oriented ventures from small time dealers. These dealders use paypal quite frequently.
I agree that there are a lot of merchants use Paypal. but i would like to bring to your notice that these additional security measures have been implemented globally long time back and India has just thought of it now . Also its going to be very easy for merchants to provide that additional page to verify on their respective sites. Such additional security will help prevent online fraud, at least that is what they claim ;-) in this scenario companies will have to adopt newer mechanism to do business which is in the interest of their end customers.
[...] Tagged: credit card, security. Leave a Comment In 2009, the Reserve Bank of India, made it mandatory to use Verified by Visa or Mastercard Securecode for all online transactions. This was a misguided [...]
[...] Read the original: RBI makes it mandatory for banks to provide additional … [...]