Comments on: RBI makes it mandatory for banks to provide additional authentication for online shopping

By: Online credit laws for Indians, make them much more insecure « The Indian digital government

Fri, 29 Jan 2010 07:17:33 +0000

[...] Tagged: credit card, security. Leave a Comment In 2009, the Reserve Bank of India, made it mandatory to use Verified by Visa or Mastercard Securecode for all online transactions. This was a misguided [...]

By: gigathoughts

gigathoughts — Thu, 20 Aug 2009 12:00:55 +0000

I agree that there are a lot of merchants use Paypal. but i would like to bring to your notice that these additional security measures have been implemented globally long time back and India has just thought of it now . Also its going to be very easy for merchants to provide that additional page to verify on their respective sites. Such additional security will help prevent online fraud, at least that is what they claim ;-) in this scenario companies will have to adopt newer mechanism to do business which is in the interest of their end customers.

By: addadutta

addadutta — Wed, 19 Aug 2009 19:44:57 +0000

Are Amazon or Paypal accept transactions which needs additional security, I think no. Then what happens to any person who wants to buy something through these sites? ( Or this is to encourage made in India produces?)
Have anyone thought over this before giving kudos to this initiative?
To me, this initiative will stagnate many of the export oriented ventures from small time dealers. These dealders use paypal quite frequently.

By: Card Security Expert

Card Security Expert — Wed, 22 Jul 2009 09:07:16 +0000

It surprises me that India, the world’s technical resource, would copy the errors made by Banks elsewhere in the world that tried introducing VBV or UCAF/SPA. It is relatively simple for anyone to do a google search on Verified by VISA and realize that it has not been successful in other parts of the world.

At least banks in other parts of the world and online merchants were not mandated to implement these systems. Be wary of mandated systems. A good security system never needs to be mandated.

By: gigathoughts

gigathoughts — Wed, 22 Jul 2009 06:37:03 +0000

Thank you for showing the other side of the coin. i hope the team responsible for this directive is aware about the same and takes corrective actions while implementing this for all cards. Having said these activities are left to the corporates like banks and other online merchants to advise their customers to authenticate their cards. As you rightly pointed out this system will help banks interest as the end user will have virtually no options left to claim a fraud. we will have to wait and watch the result of implementing this policy.

By: Card Security Expert

Card Security Expert — Wed, 22 Jul 2009 06:20:07 +0000

RBI never sponsored or stated specific systems such as Verified by Visa or Mastercard UCAF/SPA in its directive. Before, the entire banking industry in India goes on this bandwagon, it is best to simply learn about the experience of cardholders and online merchants as it concerns these two systems.

Just google " verified by visa 2009 " or go to this link : http://www.boingboing.net/2009/03/28/verified-by-...

VBV or UCAF/SPA static passwords can be easily phished. Once phished and used by fraudsters, it then makes it very difficult (not impossible) for the legitimate cardholder to dispute a fraudulent online payment made with his VBV or UCAF/SPA credentials.

On the other hand, fraudsters can easily collaborate and share each other's VBV or UCAF/SPA credentials and then dispute the charges with the issuing banks. The issuing Banks can never prove that the cardholder's static VBV or UCAF/SPA's credentials were not phished or compromised.

HDFC's one time code, is not a one-time code but a one-time use visa or mastercard number. These one time use card numbers are good but it does not protect the real card number. Some online merchants also do not accept these one-time card numbers since they do require the presentation of the actual card (number) to retrieve an airline or train ticket, for example.

By: Vipul Grover

Vipul Grover — Sun, 05 Jul 2009 03:01:12 +0000

Hi fellow blogger
Thanks for showing interest in Blogathon on IndiBlogger Forums. To make things easier, we have created a blog, BLOG-A-TON (link: http://blog-a-ton.blogspot.com/ ) through which you can stay updated about the event.
So hurry up and start following it to participate in further discussions and stay updated always.
Looking forward to your support.
Lets Blog:)

By: RBI makes it mandatory for banks to provide additional …

RBI makes it mandatory for banks to provide additional … — Sat, 04 Jul 2009 00:57:02 +0000

[...] Read the original: RBI makes it mandatory for banks to provide additional … [...]