RBI asks Uber to follow two-step card verification
MUMBAI: Global startups like San Francisco-based car hire company Uber and e-commerce players will have to rework their billing systems in India with the Reserve Bank of India insisting on second factor authentication for all `card not present' transactions in the country.
The RBI has also banned dollar billing for local services and has asked companies using offshore payment gateways for transactions in India to immediately cease this practice and settle payments within the country.
A 'Card not present' or CNP transaction is the terminology used by the RBI to describe payments made without actually swiping the card but using details on the card. This applies to online payments and interactive voice-response systems over the phone. The second factor authentication, a one-time or permanent password, is mandatory for CNP transactions in India.
However, foreign merchants have no such mandate from their regulators and it is possible to buy from international sites without second factor authentication.
The issue had come to the fore after Uber's launch in India. The car rental service works through a mobile app for both users and car taxi owners. Uber's USP is providing a private car experience to hirers. A passenger can walk out of the car at the destination without any payment.
The fare is computed at the back-end by the GPS system and debited to his credit card using account details, which are stored in the company's servers. Following its India entry, rival taxi operators such as Meru and Ola Cabs had complained that Uber was not following the RBI norms.
But later when Uber said that it was using an international payment gateway to work around the two-stage authentication mandated by the RBI, rivals had started looking at offering a similar facility. RBI's move, however, has put a lid on such moves.
Some international airline booking sites book flights with in India without second factor authentication.
"It has come to our notice that there are instances of card not present transactions being effected without the mandated additional authentication validation even where the under lying transactions are essentially taking place between two residents in India," RBI said in its circular issued on Friday. A transaction is considered local where both the purchaser and service provider are in India.
"It is also observed that these entities are evading the mandate of additional authentication by following business models which are resulting in foreign exchange outflow. Such camouflaging and flouting of extant instructions on card security, which has been made possible by merchant transactions being acquired by banks located overseas resulting in an outflow of foreign exchange in the settlement of these transactions, is not acceptable as this is in violation of the directives issued under the Payment and Settlement Systems Act 2007 besides the requirements under the Foreign Exchange Management Act, 1999," the RBI said.
MUMBAI: Global startups like San Francisco-based car hire company Uber and e-commerce players will have to rework their billing systems in India with the Reserve Bank of India insisting on second factor authentication for all `card not present' transactions in the country.
The RBI has also banned dollar billing for local services and has asked companies using offshore payment gateways for transactions in India to immediately cease this practice and settle payments within the country.
A 'Card not present' or CNP transaction is the terminology used by the RBI to describe payments made without actually swiping the card but using details on the card. This applies to online payments and interactive voice-response systems over the phone. The second factor authentication, a one-time or permanent password, is mandatory for CNP transactions in India.
However, foreign merchants have no such mandate from their regulators and it is possible to buy from international sites without second factor authentication.
The issue had come to the fore after Uber's launch in India. The car rental service works through a mobile app for both users and car taxi owners. Uber's USP is providing a private car experience to hirers. A passenger can walk out of the car at the destination without any payment.
The fare is computed at the back-end by the GPS system and debited to his credit card using account details, which are stored in the company's servers. Following its India entry, rival taxi operators such as Meru and Ola Cabs had complained that Uber was not following the RBI norms.
But later when Uber said that it was using an international payment gateway to work around the two-stage authentication mandated by the RBI, rivals had started looking at offering a similar facility. RBI's move, however, has put a lid on such moves.
Some international airline booking sites book flights with in India without second factor authentication.
"It has come to our notice that there are instances of card not present transactions being effected without the mandated additional authentication validation even where the under lying transactions are essentially taking place between two residents in India," RBI said in its circular issued on Friday. A transaction is considered local where both the purchaser and service provider are in India.
"It is also observed that these entities are evading the mandate of additional authentication by following business models which are resulting in foreign exchange outflow. Such camouflaging and flouting of extant instructions on card security, which has been made possible by merchant transactions being acquired by banks located overseas resulting in an outflow of foreign exchange in the settlement of these transactions, is not acceptable as this is in violation of the directives issued under the Payment and Settlement Systems Act 2007 besides the requirements under the Foreign Exchange Management Act, 1999," the RBI said.
No comments:
Post a Comment