Friday, March 15, 2013

New Norms for Credit & Debit Cards


Reserve Bank of India (RBI) vide Circular dated 28.02.2013 on “Security and Risk Mitigation Measures for Electronic Payment Transactions” has directed banks to put in place the following safety measures for Credit and Debit Card Transactions :

• All new debit and credit cards to be issued only for domestic usage unless international use is specifically sought by the customer. Such cards enabling international usage will have to be essentially EMV Chip and Pin enabled. (By June 30, 2013).

• Issuing banks should convert all existing Magstripe cards to EMV Chip card for all customers who have used their cards internationally at least once (for/through e-commerce/ATM/POS) (By June 30, 2013).

• All the active Magstripe international cards issued by banks should have threshold limit for international usage. The threshold should be determined by the banks based on the risk profile of the customer and accepted by the customer (By June 30,2013).

• Banks should ensure that the terminals installed at the merchants for capturing card payments (including the double swipe terminals used) should be certified for PCI-DSS (Payment Card Industry – Data Security Standards) and PA-DSS (Payment Applications – Data Security Standards) (By June 30,2013).

• Bank should frame rules based on the transaction pattern of the usage of cards by the customers in coordination with the authorized card payment networks for arresting fraud (By June 30, 2013).

• Banks should ensure that all acquiring infrastructure that is currently operational on IP (internet protocol) based solutions are mandatorily made to go through PCI-DSS and PA-DSS certification. This should include acquirers, processors/aggregators and large merchants (By June 30, 2013).

• Banks should move towards real time fraud monitoring system at the earliest.

• Banks should provide easier methods (like SMS) for the customer to block his card and get a confirmation to that effect after blocking the card.

• Banks should move towards a system that facilitates implementation of additional facilitates implementation of additional factor of authentication for cards issued in India and used internationally (transactions acquired by banks located abroad).

After discussions with Banks, the RBI had issued the guidelines vide Circular dated 28.02.2013 on “Security and Risk Mitigation Measures for Electronic Payment Transactions”.