In light of the recent demonetization and the increased need for customers to transact digitally, the Reserve Bank of India received several requests from stakeholders to review and relax the requirement for two-factor authentication, otherwise known as AFA (additional factor of authentication), for low-value transactions.
This led to the RBI relaxing the OTP rules for online transactions (or Card Not Present transactions) under the value of Rs. 2000 on December 6, 2016. That said, the relaxation is not a blanket move that all individuals have to adhere to. Here is a quick round-up of the details of this new policy.
How does the system work?
The new rule is a consent-driven mechanism: customers need to opt in to this facility and complete a one-time registration (which includes entering card details and a password authenticated by the card network) in order to use it. Card-issuing banks will offer the payment authentication solutions of the respective card networks (Visa, Mastercard and RuPay) to customers on an optional basis.
What does it mean for customers?
Once customers have completed the one-time registration, they can start transacting online without much hassle. Registered customers will not be required to re-enter their card details for every transaction at merchant websites or apps. The card details already registered become the first factor of authentication, and the credentials used to log in to the solution are considered the second factor of authentication.
It is also important to note that customers are allowed to set individual lower limits for allowing such transactions.
How are chargebacks and liabilities addressed?
The initial idea behind two-factor authentication was to ensure the safety and security of online transactions. Now, with this new rule, the full liability of protecting customers from online security breaches rests with banks and card networks.
In order to reduce security risks, banks and card networks are allowed to control the velocity of such transactions (that is, the number of such transactions that can be done in a fixed time period, like a day/week/month).
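The opt-in, customer-set limit and velocity control described above can be combined into a single issuer-side decision, sketched here as an added example (not RBI's, a card network's or Razorpay's code). The names, the limit of 5 transactions per day, the handling of an amount of exactly Rs. 2000, and the fallback to OTP when a check fails are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

RBI_CAP_RS = 2000            # ceiling from the December 6, 2016 relaxation
MAX_TXNS = 5                 # assumed issuer velocity limit (not from the page)
WINDOW = timedelta(days=1)   # assumed velocity window

@dataclass
class Cardholder:
    opted_in: bool = False               # completed the one-time registration
    personal_cap_rs: int = RBI_CAP_RS    # customer may choose a lower limit
    low_value_history: list = field(default_factory=list)

def needs_otp(holder: Cardholder, amount_rs: int, now: datetime):
    """Return (otp_required, reason) for a card-not-present payment."""
    if not holder.opted_in:
        return True, "not registered"
    # The customer can lower the cap but never raise it above the ceiling.
    cap = min(holder.personal_cap_rs, RBI_CAP_RS)
    if amount_rs > cap:      # assumption: an amount equal to the cap is allowed
        return True, "amount above cap"
    # Velocity control: count OTP-less payments inside the sliding window.
    recent = [t for t in holder.low_value_history if now - t < WINDOW]
    holder.low_value_history = recent
    if len(recent) >= MAX_TXNS:
        return True, "velocity limit reached"
    holder.low_value_history.append(now)
    return False, "low-value flow"

if __name__ == "__main__":
    # Constructed sample: a registered customer with a Rs. 1000 personal cap.
    start = datetime(2016, 12, 7, 10, 0)
    holder = Cardholder(opted_in=True, personal_cap_rs=1000)
    for i, amount in enumerate([500, 1500, 800, 900, 300, 200, 100]):
        when = start + timedelta(minutes=10 * i)
        print(amount, needs_otp(holder, amount, when))
```

Because the full liability sits with the bank and card network, any failed check falls back to the stronger flow rather than declining the payment.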
The chargeback process for online transactions does not change with this new rule and continues to remain the same for all online transactions, regardless of the transaction value.
To know more about how chargebacks actually work, read our comprehensive chargeback guide.
What does this mean for online businesses?
Online businesses, even large ones like Uber, had previously adopted prepaid digital wallets, since customers paying by card had to face the hassle of entering OTPs, which wasted time and made for a poor customer experience. Now, with the introduction of this new rule, that additional layer of friction has been removed: customers just have to register with the merchant and complete the payment by entering a password authenticated by the card network. Hence, collecting online payments has become easier and more efficient for merchants.
For transactions over Rs. 2000, where OTPs are required, merchants can use online payment solutions like Razorpay that auto-fill OTPs and enable a seamless payment process for customers.