RBI/2011-12/145
DPSS.PD.CO. No.223/02.14.003/2011-2012
The Chairman and Managing Director / Chief Executive Officers
All Scheduled Commercial Banks including RRBs /
Urban Co-operative Banks / State Co-operative Banks /
District Central Co-operative Banks/Authorised Card Payment Networks
Madam / Dear Sir
Security Issues and Risk mitigation measures related to Card Not Present (CNP) transactions.
Please refer to our circular RBI/DPSS No. 1501 / 02.14.003 / 2008-2009 dated February 18, 2009 wherein a directive was issued making it mandatory for banks to put in place additional authentication / validation based on information not visible on the cards for all on-line card not present(CNP) transactions except IVR transactions from August 01, 2009. This mandate was extended to cover all IVR transactions with effect from February 01, 2011 vide our circular RBI/DPSS No. 1503 / 02.14.003 /2010-2011 dated December 31, 2010.
2. Banks had been advised vide para 4 of the directions contained in RBI/DPSS No. 1503 / 02.14.003 /2010-2011 dated December 31, 2010 to revert on the introduction of additional factor of authentication for certain category of CNP transactions detailed therein. The matter was discussed in a meeting of banks with the Reserve Bank of India on June 22, 2011 wherein it was emphasizedby the Reserve Bank that while it was not advocating any specific solution in this regard, it is imperative that all CNP transactions are brought within the ambit of additional factor of authentication without further delay. To this end, banks were advised to evaluate possible alternatives at the earliest.Based on the feedback from the stakeholders and keeping in view the interest of card holders the following directions are issued:
- It is mandatory to put in place additional factor of authentication for all CNP transactions indicated in para 4 of our directions dated December 31, 2010 with effect from May 01, 2012.
- In case of customer complaint regarding issues, if any,arising out of transactions effected without the additional factor of authentication after the stipulated date, the issuer bank shall reimburse the loss to the customer further without demur.
3. The directive is issued under section 18 of Payment and Settlement Systems Act 2007, (Act 51 of 2007).
4. Please acknowledge receipt.
Yours faithfully,
Vijay Chugh
Chief General Manager.
Wow! This blog looks just like my old one! It’s on a completely different subject but it has pretty much the same layout and design. Superb choice of colors!
Thanks for sharing excellent informations. Your web-site is so cool. I am impressed by the details that you have on this site. It reveals how nicely you perceive this subject. Bookmarked this website page, will come back for more articles. You, my friend, ROCK! I found just the info I already searched everywhere and simply could not come across. What a great site.
I would like to thnkx for the efforts you have put in writing this website. I’m hoping the same high-grade web site post from you in the upcoming as well. Actually your creative writing abilities has encouraged me to get my own website now. Actually the blogging is spreading its wings fast. Your write up is a great example of it.