Thursday, December 8, 2016

Relaxation in Additional Factor of Authentication for payments upto Rs. 2000/-

How does it work?
The card issuing banks will offer the “payment authentication solutions” to their customers on an optional basis. Opting Customers will go through a one-time registration requiring entry of card details, etc. and AFA( Additional Factor authentication) by the issuing bank. The registered customers will not be required to re-enter the card details for every transaction at merchant locations. The card details already registered would be the first factor while the credentials used to login would be the additional factor of authentication.

The AFA requirement for transactions upto Rs.2000/- for such transactions is being relaxed, subject to:

i.           Only authorised card networks shall provide such solutions with participation of card issuing and acquiring banks,
ii.          Customer consent shall be taken while making this solution available
iii.         The relaxation shall be applicable for a maximum value of Rs. 2,000/- per transaction. Banks and card networks are free to set lower limits,
iv.          Beyond Rs. 2000/-, the card not present transaction has to be processed as per the extant instructions,
v.          Suitable velocity checks (i.e., how many transactions will be allowed in a day / week / month) may be put in place,
vi.          No change in the existing chargeback process.

Banks and authorised card networks are also advised to:

i.           Make customers aware that the solution is an optional facility for values upto Rs. 2000/- only and they are free to make payments using other forms of AFA,

ii.          Educate the customers about its use, risk and the mechanism for customer grievance redressal and reporting of complaints through multiple channels (website, phone banking, SMS, IVR etc.),

iii.         Indicate the maximum liability devolving on the customer and the responsibility of the customer to report any frauds,

iv.          Bear the full liability in the event of any security breach or compromise in the authorised card network.

The authorised card network operators, may also facilitate participation of cardholders from other authorised card networks, through appropriate network level arrangements.

Based on RBI circular dated 6/12/2016. For any further clarification please refer