Regulatory policy wonks in India are engaged in intense combat — this time, over whether the Reserve Bank of India has gone overboard with seeking to secure online and offline credit card payments. The RBI has made it mandatory to validate offline credit card payments in India with a ‘PIN’ (personal identification number) and online Indian payments with an ‘OTP’ (one-time password) to be generated by SMS on the mobile phone.
Thanks to these measures, India has one of the most secure credit card and online payment systems in the world. Some have attacked the security measures as being retrograde. The main charge is that the two-stage validation process wastes time. The argument is that the benefits gained from the security measure do not out-weigh the cost of the additional time spent. Moreover, since the RBI does not regulate foreign payment gateways, it has exempted them from the security requirement — so, payments made even from India, through foreign payment gateways, do not have to comply with this security measure.
What this means for the consumer is that purchase of a book on Amazon.com would not require an OTP while purchase of the same book on Amazon.in would require it. Both sites enable storing your credit card information (if you are willing to trust their servers with your data). On Amazon.in, you need to enter your CVV/CSC number (“card verification value” or “card security code”) — a number physically pre-printed on your card. Once your transaction is authenticated, you also have to get your OTP by sending a text message to your credit card issuer. An OTP gets sent to your phone within seconds of the SMS request and is valid for a single use, to be made within 30 minutes.
On Amazon.com, since the security feature is not mandatory, if your credit card data is stored on its server, you can complete your purchase with a single click (popularly branded as “1-Click Ordering”). Therefore, does it take longer to shop on an Indian site? Yes. Is that an unbearable time burden? No. And, does it make India a more secure place for electronic payments? Indeed.
According to The Nilson Report, a payments industry trade journal, the United States, accounts for nearly 47 per cent of the global credit card fraud even while contributing to just 23 per cent of the volume of global credit card payments. On the other hand, media reports quote Visa International as stating that India has the lowest online card fraud incidence. Yet, the size of credit card frauds is growing worldwide, and does pose a threat to confidence in the electronic payments system.
As India brings more of her people into the banking and electronic payment system, the scope for fraud too would increase. There is also the culture of general laxity with security that needs to be contended with. For example, after the RBI introduced the mandatory requirement to enter your PIN into the card reader in the store to effect an offline credit card payment, many restaurants did not deploy wireless card readers. Waiters would simply ask the guest for the PIN and many, lazy to get up from their tables, would gladly oblige. This is pretty much how most passwords are compromised — simply by asking.
Against this backdrop, the benefit of better security in online and offline credit card payments can outweigh the cost of spending a few more seconds getting an OTP on sms, or entering the PIN into a card reader. In a nation that has poor banking penetration and a propensity to stack currency notes under the mattress for safe-keeping, one blaring slanging match in a prime-time television debate can be enough to destroy confidence in the banking system.
On the other hand, India, home to 16 per cent of the global population, would do well to innovate and lead the change in how payments are made secure worldwide. After all, one should remember that even while shares of Chinese online retailer Alibaba.com got a fancy valuation for listing shares in the United States, Indian online retail companies such as Flipkart and Snapdeal snapped up spectacular valuations and attracted serious investments despite the payment security measures.
Credit Sudhaar is India’s first Credit Health management & improvement company whose goal is to help clients to Restore, Enhance and Protect their Credit and make them credit healthy.
CS IdentityShield helps you to Monitor, Protect and Recover your Identity from multiple risks.
Courtesy: Pune Mirror