MANU/RMIC/0217/2016

Ministry : Reserve Bank of India

Department/Board : Department of Payment and Settlement Systems

Circular No. : DPSS.CO.PDNo.1431/02.14.003/2016-2017
                   RBI/2016-2017/172

Date : 06.12.2016

The Chairman and Managing Director / Chief Executive Officer
All Scheduled Commercial Banks including RRBs/
Urban Co-operative Banks / State Co-operative Banks/
District Central Co-operative Banks/ Authorised Card Payment Networks
Payment Banks and Small Finance Banks

Madam/Sir,

Card Not Present transactions - Relaxation in Additional Factor of Authentication for payments upto Rs. 2000/- for card network provided authentication solutions

Reserve Bank of India has been taking a number of initiatives with the involvement of all stake holders to enhance safety and efficiency of the retail payment systems. In this regard, various instructions have been issued from time to time on security and risk mitigation measures involving card transactions, including directions on online alerts and additional factor of authentication. These measures have contributed to increased customer confidence in using card payments.

2. The Reserve Bank has been receiving requests from certain segments of the industry for reviewing the requirement of AFA for low value online card not present (CNP) transactions. As most of the requests were for merchant specific relaxations on AFA requirements, they were not appropriate at the system level. An alternate solution, provided by authorised card networks is expected to meet the objective of customer convenience with sufficient security for low value transactions. In this model, the card issuing banks will offer the "payment authentication solutions" of the respective card networks to their customers on an optional basis. Customers opting for this facility will go through a one-time registration process requiring entry of card details, etc. and AFA by the issuing bank. Thereafter, the registered customers will not be required to re-enter the card details for every transaction at merchant locations that offer this solution and thereby save time and effort. In this model, the card details already registered would be the first factor while the credentials used to login to the solution (as confirmed by the card network providing the solution) would be the additional factor of authentication.

3. Accordingly, the AFA requirement for transactions upto ` 2000/- for online CNP transactions for the 'payment authentication solutions' provided by authorised card networks with the participation of respective card issuing and acquiring banks is being relaxed, subject to: