RBI / 2012 -13/424
DPSS (CO) PD No.1462 / 02.14.003 / 2012-13 February 28, 2013
The Chairman and Managing Director / Chief Executive Officers
All Scheduled Commercial Banks including RRBs / Urban Co-operative Banks /
State Co-operative Banks / District Central Co-operative Banks/
Authorised Card Payment Networks
Madam / Dear Sir,
Security and Risk Mitigation Measures for Electronic Payment Transactions
Payments effected through alternate payment products/channels are becoming popular among customers, with more and more banks providing such facilities to their customers. While this move by the banks indeed promotes and encourages the usage of electronic payments, it is imperative that the banks ensure that transactions effected through such channels are safe and secure and not easily amenable to fraudulent usage. One such initiative by RBI was mandating an additional factor of authentication for all card not present (CNP) transactions. Security of card present transactions has also been initiated by RBI through the implementation of the recommendations of the Working Group on Securing Card Present Transactions. Banks have also put in place mechanisms and validation checks for facilitating on-line funds transfer, such as: (i) enrolling the customer for internet/mobile banking; (ii) addition of a beneficiary by the customer; (iii) velocity checks on transactions, etc.
2. With cyber-attacks becoming more unpredictable and electronic payment systems becoming vulnerable to new types of misuse, it is imperative that banks introduce certain minimum checks and balances to minimise the impact of such attacks and to arrest/minimise the damage. Accordingly, banks are required to put in place security and risk control measures as detailed hereunder:
A. Securing Card Payment Transactions
(i) All new debit and credit cards are to be issued only for domestic usage unless international use is specifically sought by the customer. Such cards enabling international usage will have to be essentially EMV Chip and PIN enabled (By June 30, 2013).
(ii) Issuing banks should convert all existing magstripe cards to EMV Chip cards for all customers who have used their cards internationally at least once (for/through e-commerce/ATM/POS) (By June 30, 2013).
(iii) All the active magstripe international cards issued by banks should have a threshold limit for international usage. The threshold should be determined by the banks based on the risk profile of the customer and accepted by the customer (By June 30, 2013). Till such time as this process is completed, an omnibus threshold limit (say, not exceeding USD 500) as determined by each bank may be put in place for all debit cards and all credit cards that have not been used for international transactions in the past.
(iv) Banks should ensure that the terminals installed at merchants for capturing card payments (including the double swipe terminals used) are certified for PCI-DSS (Payment Card Industry Data Security Standard) and PA-DSS (Payment Application Data Security Standard) (By June 30, 2013).
(v) Banks should frame rules based on the transaction pattern of the usage of cards by the customers, in coordination with the authorized card payment networks, for arresting fraud. This would act as a fraud prevention measure (By June 30, 2013).
(vi) Banks should ensure that all acquiring infrastructure that is currently operational on IP (Internet Protocol) based solutions is mandatorily made to go through PCI-DSS and PA-DSS certification. This should include acquirers, processors/aggregators and large merchants (By June 30, 2013).
(vii) Banks should move towards a real-time fraud monitoring system at the earliest.
(viii) Banks should provide easier methods (like SMS) for the customer to block his card and get a confirmation to that effect after blocking the card.
(ix) Banks should move towards a system that facilitates implementation of an additional factor of authentication for cards issued in India and used internationally (transactions acquired by banks located abroad).
(x) Banks should build in a system of call referral [1] in co-ordination with the card payment networks, based on the rules framed at (v) above.
[1] Call referral implies:
- The card is swiped at the EDC terminal at the merchant.
- The issuer responds with a "Call Issuer" decision.
- The merchant calls the acquiring bank with details of the card number and transaction data.
- The acquirer calls the issuing bank to seek authorization.
- The issuing bank approves/declines the transaction after speaking with the customer and validating the transaction.
- The merchant will need to swipe the card again to obtain approval.
B. Securing Electronic Payment Transactions
The electronic modes of payment like RTGS, NEFT and IMPS have emerged as channel-agnostic modes of funds transfer. These have picked up to a large extent through the internet banking channel and hence it is imperative that such delivery channels are also safe and secure. Some of the additional measures that need to be introduced by the banks could be as follows:
(i) Customer-induced options may be provided for fixing a cap on the value/mode of transactions/beneficiaries. In the event of the customer wanting to exceed the cap, an additional authorization may be insisted upon.
(ii) A limit on the number of beneficiaries that may be added in a day per account could be considered.
(iii) A system of alerts may be introduced when a beneficiary is added.
(iv) Banks may put in place a mechanism for velocity checks on the number of transactions effected per day/per beneficiary, and any suspicious operations should be subjected to alerts within the bank and to the customer.
(v) Introduction of an additional factor of authentication (preferably dynamic in nature) for such payment transactions should be considered.
(vi) The banks may consider implementation of digital signatures for large value payments for all customers, to start with for RTGS transactions.
(vii) Capturing of the Internet Protocol (IP) address as an additional validation check should be considered.
(viii) Sub-membership of banks to the centralised payment systems has made it possible for the customers of such sub-members to reap the benefits of the same. Banks accepting sub-members should ensure that the security measures put in place by the sub-members are on par with the standards followed by them, so as to ensure safety and mitigate reputation risk.
(ix) Banks may explore the feasibility of implementing new technologies like adaptive authentication, etc. for fraud detection.
The above security measures under B (i) to (viii) are expected to be put in place by banks
by June 30, 2013.
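As an added illustration that is not part of the circular, the Python below sketches how a bank's funds-transfer gateway could enforce the controls in B(i) to B(iv) and B(vii) over a constructed sequence of events: a customer-set value cap that triggers step-up authorization, a daily beneficiary-add limit, an alert on every beneficiary addition, per-day and per-beneficiary velocity checks, and the source IP as an extra validation signal. The policy values, account names and IP addresses are assumptions.

```python
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass
class Transfer:
    account: str
    beneficiary: str
    amount: float
    when: datetime
    src_ip: str
    second_factor_ok: bool = False  # dynamic second factor already verified (B(v))


@dataclass
class Policy:
    value_cap: float                 # B(i): customer-fixed cap per transfer
    beneficiary_adds_per_day: int    # B(ii)
    transfers_per_day: int           # B(iv): per account per day
    transfers_per_beneficiary: int   # B(iv): per beneficiary per day
    known_ips: frozenset             # B(vii): addresses captured at earlier sessions


class TransferControls:
    """Stateful rule engine; alerts are collected here rather than sent."""

    def __init__(self, policy: Policy):
        self.policy = policy
        self.alerts: list[str] = []
        self._adds = defaultdict(int)        # (account, day) -> beneficiaries added
        self._count = defaultdict(int)       # (account, day) -> transfers
        self._per_benef = defaultdict(int)   # (account, beneficiary, day) -> transfers
        self._registered = defaultdict(set)  # account -> registered beneficiaries

    def add_beneficiary(self, account: str, beneficiary: str, when: datetime) -> str:
        key = (account, when.date())
        if self._adds[key] >= self.policy.beneficiary_adds_per_day:
            self.alerts.append(f"BANK {account}: daily beneficiary-add limit reached")
            return "REJECT"
        self._adds[key] += 1
        self._registered[account].add(beneficiary)
        # B(iii): the customer is told every time a beneficiary is added
        self.alerts.append(f"CUSTOMER {account}: beneficiary {beneficiary} added")
        return "ADDED"

    def evaluate(self, t: Transfer) -> str:
        p = self.policy
        if t.beneficiary not in self._registered[t.account]:
            return "REJECT:unregistered-beneficiary"
        # B(vii): an unfamiliar source IP is an extra validation signal, not a hard block
        if t.src_ip not in p.known_ips and not t.second_factor_ok:
            self.alerts.append(f"BANK {t.account}: transfer attempted from new IP {t.src_ip}")
            return "STEP_UP:new-ip"
        # B(i): above the customer's own cap, insist on the additional authorization
        if t.amount > p.value_cap and not t.second_factor_ok:
            return "STEP_UP:over-cap"
        day = t.when.date()
        if self._count[(t.account, day)] >= p.transfers_per_day:
            self.alerts.append(f"BANK+CUSTOMER {t.account}: daily transfer velocity exceeded")
            return "HOLD:velocity-account"
        if self._per_benef[(t.account, t.beneficiary, day)] >= p.transfers_per_beneficiary:
            self.alerts.append(f"BANK+CUSTOMER {t.account}: velocity to {t.beneficiary} exceeded")
            return "HOLD:velocity-beneficiary"
        self._count[(t.account, day)] += 1
        self._per_benef[(t.account, t.beneficiary, day)] += 1
        return "APPROVE"


def run_demo() -> tuple[list[str], list[str]]:
    """Constructed sequence of events for one account on one day (assumed values)."""
    policy = Policy(value_cap=50_000.0, beneficiary_adds_per_day=2,
                    transfers_per_day=3, transfers_per_beneficiary=2,
                    known_ips=frozenset({"203.0.113.10"}))
    ctl = TransferControls(policy)
    ts = datetime(2013, 3, 1, 10, 0)
    known, new = "203.0.113.10", "198.51.100.7"
    decisions = [
        ctl.add_beneficiary("ACC1", "B1", ts),                          # ADDED
        ctl.add_beneficiary("ACC1", "B2", ts),                          # ADDED
        ctl.add_beneficiary("ACC1", "B3", ts),                          # REJECT (3rd add)
        ctl.evaluate(Transfer("ACC1", "B3", 1000, ts, known)),          # unregistered
        ctl.evaluate(Transfer("ACC1", "B1", 1000, ts, new)),            # STEP_UP:new-ip
        ctl.evaluate(Transfer("ACC1", "B1", 75000, ts, known)),         # STEP_UP:over-cap
        ctl.evaluate(Transfer("ACC1", "B1", 75000, ts, known, True)),   # APPROVE
        ctl.evaluate(Transfer("ACC1", "B1", 100, ts, known)),           # APPROVE
        ctl.evaluate(Transfer("ACC1", "B1", 100, ts, known)),           # HOLD (2 to B1)
        ctl.evaluate(Transfer("ACC1", "B2", 100, ts, known)),           # APPROVE (3rd today)
        ctl.evaluate(Transfer("ACC1", "B2", 100, ts, known)),           # HOLD (4th today)
    ]
    return decisions, ctl.alerts
```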
3. Banks are advised to quickly implement the above security/risk mitigation measures and keep us posted with the progress made in this regard.
4. This directive is issued under section 18 of the Payment and Settlement Systems Act, 2007 (Act 51 of 2007).
5. Please acknowledge the receipt of this circular.
Yours faithfully,
(Vijay Chugh)
Chief General Manager
Related Press Release
Feb 28, 2012
RBI releases Security and Risk Mitigation measures for Electronic Payment Transactions