‘Shopping and selling online gets more secure’.
Shopping online for all types of products and services is gaining popularity especially amongst the time-crunched working class in India because it offers them 24 x 7 buying convenience; no more worrying about reaching the shops before they close. Unfortunately, the expanding Indian ecommerce market has also attracted the attention of criminals. These internet savvy online criminals seek to defraud people by stealing their identities and card information. In light of the expanding online market and rise of online crime, on August 1, 2009, the Reserve Bank of India (RBI) made a second factor authentication mandatory for online transaction using credit and debit cards. Read more
Second factor authentication is term used to describe any authentication mechanism where more than one thing is required to authenticate a customer. In this case, when a customer wants to pay for a product or service online, in addition to entering to his username and password, he will also need to enter a second password to authenticate the transaction. This second password will be issued by the card issuing bank and is considered to be more secure as this password doesn’t appear anywhere on the card and hence, cannot be used by unscrupulous individuals, if the card is copied or stolen.
The RBI mandate meant that all card-issuing banks had to enable their systems to throw up a pop-up window asking for this password to be entered when the card data was being transmitted to it for authentication. The second factor authentication process was mandatory for all online transactions using credit and debit cards. However, according to an official of a public sector bank, some banks continued to provide the facility of online transaction on foreign portal without the second factor authentication. (Source: The Times of India)
To dispel the notion that the second factor authentication process is applicable only on Indian transactions and not on international ones, RBI issued a clarification that the additional validation is compulsory for "all transactions using cards issued in India, for payments on merchant site where no outflow of foreign exchange is contemplated." It also clearly states that it is not going to compromise on the security of online transactions. Read more
What does this mandate mean for online shoppers and merchants?
In ‘layman’ terms, when shopping online an additional password will be required for authentication. Every time a transaction is done online, a second password will be required whether you are an Indian customer purchasing products on a foreign website or whether you are an Indian merchant selling to foreign consumers. RBIs goal of adding this extra authentication process is to reduce the risk involved in making an online transaction and protecting merchants dealing with foreign customer cards.
Though critics say that these extra security measures will result in a drop in transactions which could discourage merchants to go and sell online and could harm the fledgling eCommerce industry in India, many find it heartening to see that RBI, through this notification, laying down a clear line and taking the initiative to maximize the security of online transactions. This will prove to be beneficial for the industry in the long run.