Recently, the RBI issued guidelines to protect debit and credit card users from online fraud. Read on to know more…
Recently, the Reserve Bank of India (RBI) has been taking initiatives to protect debit and credit card users from card skimming and cloning frauds. With the aim of securing debit and credit card users from online skimming fraud or attack, the RBI has issued a circular to Indian banks that for online payments of more than Rs 2,000, cardholders can make the digital payment without using their debit or credit card PIN. From 17th March 2020, Indian banks have been directed by the apex bank to send an OTP (One Time Password) to debit and credit card holders, to be used instead of the PIN. The RBI is of the opinion that this will reduce the chances of online skimming or card cloning, as the OTP becomes invalid after 15 minutes and the customer's PIN remains secret with the cardholder.
Issuing guidelines to the Payment Aggregators (PAs) and Payment Gateways (PGs) the RBI said, “Based on the feedback received and taking into account the important functions of these intermediaries in the online payments space as also keeping in view their role vis-à-vis handling funds, it has been decided to (a) regulate in entirety the activities of PAs as per the guidelines in Annex 1, and (b) provide baseline technology-related recommendations to PGs.” In this notification, RBI went on to add that PGs shall be considered as ‘technology providers’ or ‘outsourcing partners’ of banks or non-banks, as the case may be.
Checks on Merchants
The RBI also made it clear that PAs shall undertake background and antecedent checks of merchants, to ensure that such merchants have no mala fide intention of duping customers and do not sell fake, counterfeit or prohibited products, etc. The merchant's website shall clearly indicate the terms and conditions of the service and the timeline for processing returns and refunds. So, in case of a refund, the money will be sent to the source of payment, meaning either to the credit card or to the bank account if the payment was made through a debit card. Currently, refunds are generally made into the customer's e-wallet, meaning the money remains with the PG and the customer is obliged to use that gateway again to spend the refunded money. Hence, from now onwards, if you are getting a refund from Paytm, MobiKwik, PhonePe, etc., make sure that the refund has been made to the source of payment, not to your e-wallet.
Instructing the PAs to take care of customers' cybersecurity, the RBI said: “A strong risk management system is necessary to meet the challenges of fraud and ensure customer protection. PAs shall put in place adequate information and data security infrastructure and systems for the prevention and detection of frauds. PAs shall put in place a Board-approved information security policy for the safety and security of the payment systems operated by them and implement security measures in accordance with this policy to mitigate identified risks.”
“PAs shall be responsible to check Payment Card Industry-Data Security Standard (PCI-DSS) and Payment Application-Data Security Standard (PA-DSS) compliance of the infrastructure of the merchants on-boarded. Merchant site shall not save customer card and such related data. A security audit of the merchant may be carried out to check compliance, as and when required,” the RBI notification read.