A recent Reserve Bank of India (RBI) circular reiterating the need to follow a two-level authentication process for any credit or debit card transaction online for a service or product delivered and consumed within India seems to have set the proverbial cat among the pigeons in the e-commerce sector.
The move, aimed at making such transactions more secure and ensuring a level playing field, might force a few foreign e-commerce brands doing business in India to tweak their business models.
There is also a need to update laws to keep pace with the burgeoning growth in India's nascent $2-billion e-commerce segment, expected to add 100 million customers by 2020.
Security vs convenience
RBI's precedence to security concerns over customer convenience might mean the end of the road for single-click customer experience for transactions in which both the service provider and the customer are local, such as booking cab services and hotels.
"As we evolve as a cashless economy and at a time when consumer-protection laws are evolving, RBI has to ensure security and protection of the customer while using alternate cashless payment methods…balancing this with convenience than convenience alone," says an RBI spokesperson.Globally, many countries such as the UK, France, Canada and some Asian nations follow a two-level validation mechanism.
The US follows an EMV-chip system that involves card authentication, card holder verification and transaction authorisation.
In 2011, RBI had hauled up the airline sector through a notification. It had asked foreign airlines to discontinue the practice of using foreign banks for settlement of rupee transactions on account of the sale of air tickets in India.
Business case for global players
The central bank's recent circular was triggered by complaints by the competitors of Uber Technologies that the San Francisco-based provider of niche cab services had violated Foreign Exchange Management Act (FEMA) norms and didn't have in place a second level of authentication. Uber didn't respond to emailed questions on the issue.
Senior executives from the e-commerce segment say it makes business sense to offer a global service through a single-payment gateway rather than use multiple payment systems across many countries.
The e-commerce economy doesn't recognise geographical or national boundaries. As a result, tax implications of doing business out of a country and meeting specific local laws are a sore point.
Meeting local laws
Going ahead, international e-commerce companies such as Uber Technologies will have to offer their services either through an Indian payment gateway or appoint agents to operate the service locally on their behalf or use other modes of transaction, including cash. Use of pre-paid wallets will gain traction, says Jitendra Gupta, founder, Citrus Pay, an Indian payment gateway provider.
Even as some foreign e-commerce companies re-assess their business models, many in the segment, as well as in the legal fraternity, feel laws need to be updated to keep pace with changes in technology.
For instance, FEMA has to keep pace with growth in mobile commerce, says Pallav Pradyumn Narang, partner in chartered accountant firm Arkay & Arkay.
Vaibhav Parikh, partner, Nishith Desai Associates, says to strike a balance between security concerns and customer convenience, second-level authentication should be made optional. "FEMA should not apply to small transactions," he adds. Some tax and legal experts feel RBI should come out with a negative list of transactions. "We hope RBI will soon come out with an enabling framework of regulations, clearly stating what type of transactions are freely permitted, which transactions are prohibited, and which type of transactions need specific approvals," says Hitesh Gajaria, partner, KPMG India.
As of now, the central bank appears to have an open mind on the issue. "We are already working on making the card experience as close to cash as possible," says an RBI spokesperson.