RBI issued a new directive on 18th Feb’09 mandating that banks and credit card companies put in place additional authentication/validation for all “card not present” transactions from 1st Aug’09.
Further, “online alerts” must be provided to the customer for all “card not present” transactions of value Rs.5,000/- and above.
This is a great step towards secure transactions over the internet, especially in India, where the legal system is not strong enough to book the culprits and card holders are left to the mercy of the card companies in case of any dispute.
Though this will require banks and credit card companies to invest in additional systems, and may also force customers to carry hardware tokens or other second/third factor authentication devices, it will definitely improve the security of the transaction, and both card issuers and merchants can hope for increased volumes.
Refer to the RBI website for the notification.
The coming 5 months will show the different methods chosen by card issuers to provide this new feature. What I can think of as additional authentication/verification are:
a. Hardware Token; (HSBC Credit card)
b. Software Token; (Axis Bank iConnect)
c. Random Questions for which you already have recorded the answers (HDFC NetBanking)
d. SMS based confirmation (YES Bank)
e. Call & Confirm (not practical, considering the effort and time taken; maybe IVR can be tried: key in Card No., Transaction No. and the required personal details, and get an Authentication Code)
f. Email Confirmation (after you do the transaction you will get an email; you need to reply or click on the link in the email to confirm the transaction, and you will be given a pre-defined time frame for completing it. This cannot be used for all sites, especially travel booking, but can be used for online shopping).
g. Additional Password (something like Verified by Visa)
And many more…
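
As an added illustration of option (f), not code from the original post or from any issuer: a sketch of how an issuer could make the emailed confirmation link time-limited, tamper-evident and single-use. The secret, the 15-minute window, the function names and the sample transaction ids are assumptions; transaction ids are assumed not to contain a ".".

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: issuer-side secret, constructed for this example
WINDOW_SECONDS = 15 * 60           # assumption: the "pre-defined time frame"
_used = set()                      # transaction ids already confirmed (single use)


def _sign(txn_id, amount_paise, expires):
    # Bind the signature to the transaction, its amount and the expiry time.
    msg = f"{txn_id}|{amount_paise}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(txn_id, amount_paise, now=None):
    """Return the token embedded in the confirmation e-mail link."""
    now = int(time.time()) if now is None else int(now)
    expires = now + WINDOW_SECONDS
    return f"{txn_id}.{expires}.{_sign(txn_id, amount_paise, expires)}"


def confirm(token, pending, now=None):
    """Check a clicked link against the issuer's pending transactions.

    pending maps txn_id -> amount_paise as recorded at purchase time.
    Returns "confirmed", "expired", "replayed" or "invalid".
    """
    now = int(time.time()) if now is None else int(now)
    try:
        txn_id, expires_s, sig = token.split(".")
        expires = int(expires_s)
    except ValueError:
        return "invalid"                      # malformed link
    if txn_id not in pending:
        return "invalid"                      # unknown transaction
    expected = _sign(txn_id, pending[txn_id], expires)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "invalid"                      # altered expiry, amount or id
    if now > expires:
        return "expired"                      # outside the time frame
    if txn_id in _used:
        return "replayed"                     # link already used once
    _used.add(txn_id)
    return "confirmed"
```

The expiry is covered by the signature, so extending the deadline in the link invalidates it; an expired or unconfirmed transaction would simply be dropped by the issuer.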