In a move to ease online payments and make it less time consuming, the Reserve Bank of India (RBI) has relaxed the 2-step authentication for online card transactions involving sums up to Rs 2000.
Currently, online transactions involving a credit/debit card requires users to first enter card details on the merchant’s payment gateway, wait for a one-time password (OTP) to be sent to their mobile phone, and then use this number to complete the purchase. However, that is not the same case with digital wallets like Paytm or Freecharge, where users can make payments using without a two-factor authentication.
RBI said that the central bank’s intent is to provide a level playing field to everyone in the payments ecosystem. “If you provide a facility to one company then it must be provided to everyone,” said Vijay Jasuja, chief executive officer, SBI Cards Pvt. Ltd.
“Customer consent shall be taken while making this solution available to them,” RBI said.
Customers opting for this facility will go through a one-time registration process requiring entry of card details and additional factor of authentication by the issuing bank. Thereafter, the registered customers will not be required to re-enter the card details for every transaction at merchant locations that offer this solution and, thereby, save time and effort.
The card details already registered would be the first factor while the credentials used to login to the solution (as confirmed by the card network providing the solution) would be the additional factor of authentication.
RBI said that Banks and card networks have to educate customers opting for this facility to understand that the maximum liability lies with users themselves and it’s their responsibility to report any frauds while transacting.