RBI proposes security step for international card not present transactions

The Reserve Bank of India (RBI) has proposed to enable additional factor authentication (AFA) for online international ‘card-not-present’ transactions, seeking to strengthen security of payments overseas.

 

Card-not-present is a transaction made remotely without requiring a physical card to process a payment through a point-of-sale device or terminal. AFA is the use of more than one factor for authenticating a payment instruction and was previously mandated only for domestic transactions.

 

The RBI said its new proposal would provide an additional layer of security in cases where the overseas merchant is enabled for AFA. It will issue a draft circular after feedback from stakeholders.

 

“Introduction of AFA for digital payments has enhanced the safety of transactions, which in turn provided confidence to customers to adopt digital payments. In order to provide a similar level of safety for online international transactions using cards issued in India, it is proposed to enable AFA for international card-not-present (online) transactions as well,” the RBI said in a statement on developmental and regulatory policies.

 

Last year, the banking regulator published a draft framework to improve the security of digital payments through alternative authentication mechanisms.

 

According to the framework, all digital payment transactions, excluding card-present transactions, must incorporate a dynamically generated authentication factor.

 

The factor, created at the time of payment and unique to each transaction, cannot be reused. The framework specifies that authentication factors may include:

 

• Something the user knows: This includes passwords, passphrases, or PINs.

• Something the user has: This refers to physical devices like ATM cards or software tokens.

• Something the user is: This encompasses biometric identifiers such as fingerprints or facial recognition.