The Reserve Bank of India has eased rules that require a two-step authentication process while making online payments up to ₹2,000 for cardholders.
Under the new rules, banking customers will have to opt for this facility after going through a one-time registration process, entering their card details and fulfilling any other security verification required by their banks, RBI said in a statement.
The move is aimed at easing cashless payments for retail payments for “low-value” transactions, the RBI said. Merchants from cab aggregators to online shopping sites are expected to benefit.
However, banks will be required to seek customer consent before the facility is rolled out. They will also be required to bear the full liability in case any security breaches occur in the authorised network. India recently saw a massive debit card breach that engulfed all leading banks and compromised upto 3.2 million debit cards.
For individual card theft or fraud, customers may have to bear part of the liability and RBI has advised banks to make customers aware specifically how much liability will fall upon them during the registration process.
Additionally, individual banks may set limits on how many times the facility can be used in a day for security purposes.
E-retail companies and service providers that are increasingly relying on digital payments are expected to benefit from this move but it’s unclear to what degree customers will opt for this service given the security concerns.
Vijay Jasuja, chief executive officer, SBI Cards told Mint the move could be aimed at giving a level playing field to all payment providers.
“As of now, customers can make payments using mobile wallets without a two-factor authentication. If you provide a facility to one company then it must be provided to everyone,” Jasuja said.