From now, no OTP will be required for payments under Rs 2,000
The RBI had earlier relaxed the second factor authentication requirement for transactions in shops using near field communication or contactless cards.In a move that will make it easier for cab aggregators likeUberandOlaand other online merchants to accept cards, theRBIhas relaxed two-factorauthenticationfor online payments below Rs 2,000.
The RBI's insistence on a second factor authentication (in the form of a one-time password, orOTP) had prompted cab aggregators to tie up with digital wallets like Paytm. While customers can even now pay by card, they need to wait for a text message containing the OTP before concluding the transaction.In future, if they register with the merchant, they can complete the payment by entering a password authenticated by the card network.
The RBI had earlier relaxed the second factor authentication requirement for transactions in shops using near field communication (NFC) or contactless cards. According to Vijay Jasuja, MD & CEO, SBI Cards, there had been a representation from the industry to relax the two-factor authentication norms for low-value transactions.
Amit Jain, president, UberIndia, said, "This waiver is a big leap in the right direction to bring ease and convenience to the use of cards over cash and will strengthen the foundation for a leading digital economy."
In its circular issued on Tuesday, the RBI said that it has been receiving requests from certain segments of the industry for reviewing the requirement of additional factor authentication for low-value online card-not-present (CNP) transactions. The RBI said that it was not happy with merchant-specific solutions as an alternative. But a solution by card networks (Visa,MasterCard,RuPay) is expected to meet the objective of customer convenience with sufficient security for low-value transactions.
The network-provided solutions include Visa Checkout and Mastercard's Masterpass. Customers opting for this facility will go through a one-timeregistrationprocess, requiring entry of card details and additional factor authentication by the issuing bank. In this model, the card details already registered would be the first factor while the network-provided password would be the additional factor of authentication.
"This is a very elegant solution as it will prevent dropout of transactions without diluting the security of the payment architecture," said TR Ramachandran, country head, Visa.