Ecommerce Industry Braces for Change – Online Transaction Made Difficult [More Secure]

Ecommerce Industry is bracing for a change – now you will not be able to use your debit/credit card online UNLESS you register with your bank.

RBI has issued guidelines making it mandatory for all online transactions to have an extra level of authentication. The ‘extra’ level, is a password that you will have to enter after entering your credit/debit carddetails while making online payments. You will require this ‘extra password’ for transacting on any website in India.

Online Transaction – What has changed

  • Beyond August 1, you will NOT be able to use your debit/credit card online UNLESS you register with your bank. Registration is a very simple process. Click here to know more.
  • To implement this new mandate, Visa is using a technology called Verified by Visa (VbV) and MasterCard is using a technology called SecureCode (MSC).
  • For AMEX card holders, the ‘extra level of authentication’ will work slightly differently.You will be asked to enter you billing address, which will be passed on to the bank. This will be checked against your billing address the bank has on its records. If the addresses don’t match your payment will be rejected. This technology is called AVS – Address Verification System.

 

ecommerce RBI Guidelines - Online Transactions made Difficult?

ecommerce RBI Guidelines - Online Trasnactions made Difficult?

Links to Bank portals – Axis Bank, ABN Amro, Citibank, Deutsche Bank, HDFC, HSBC, ICICI Bank, Karur Vysya, SBI, Standard Chartered

RBI Guidelines

The use of Credit/Debit Cards has been increasing in the country. We have been reviewing various options to enhance the security of online card transactions. After extensive consultations with banks/card companies, it has been decided as under:
- It would be mandatory to put in place with effect from August 01, 2009:
i) A system of providing for additional authentication/validation based on information not visible on the cards for all on-line card not present transactions except IVR transactions (for which separate instructions will follow).
ii) A system of “Online Alerts” to the cardholder for all ‘card not present’ transactions of the value of Rs. 5,000/ and above.
3. Banks are advised to strictly adhere to the instructions and time discipline indicated in this circular. Non-adherence to the directives shall attract penalties prescribed under the Payment and Settlement Systems Act 2007 (Act 51 of 2007).
Download a copy of RBI guidelines here

Immediate Impact to Ecommerce Sites

This move will surely impact the ecommerce players in the short run (hopefully limited to short run only)– many shoppers will simply ditch the buying decision at the checkout process.

Infact, expect a major hit to the entire ecommerce industry as the various stakeholders aren’t in-sync with the guidelines.

Key questions to RBI and the stakeholders

  • Have Banks improved their operations? Normally, it takes 10-15 days to get the online password from ICICI (which happens to have the largest share of online transactions in the country)
  • Why is VISA/Master Card/AMEX not reaching out to consumers? Isn’t it their duty as well?

How do you think ecommerce companies should handle this?

Recommended Read:

Image courtesy