RBI has relaxed norms for making online transactions through Cards. So you are not required to authenticate your transaction on uber/ paytm or other online sites upto Rs.2000 once you have given prior permission. Although Banks are required to take consent of customers and leave it to customer, whether they want to opt in or not.
Additional Factor of Authentication (AFA) requirement for transactions upto ₹ 2000/- for online Card Not Present (CNP) transactions for the ‘payment authentication solutions’ provided by authorised card networks with the participation of respective card issuing and acquiring banks is being relaxed, subject to:
Only authorised card networks shall provide such payment authentication solutions with participation of card issuing and acquiring banks,
- Customer consent shall be taken while making this solution available to them,
The relaxation for AFA under such solutions shall be applicable for card not present transactions for a maximum value of ₹ 2,000/- per transaction across all merchant categories. Banks and card networks are free to facilitate their customers to set lower per transaction limits,
Beyond the transaction limit of ₹ 2000/-, the card not present transaction has to necessarily be processed as per the extant instructions with mandatory AFA; even for transaction values below this limit, the customer may choose to make payment using other forms of AFA as hitherto,
- Suitable velocity checks (i.e., how many such small value transactions will be allowed in a day / week / month) may be put in place by banks/card networks as considered appropriate,
No change in the existing chargeback process.
Further, in the interest of customer awareness and protection, the banks and authorised card networks are required to:
- Make customers aware that the solution is an optional facility for card-not-present transactions for values upto ₹ 2000/- only and that they are free to make payments using other forms of AFA as hitherto,
- Educate the customers about its use, risk and the mechanism for customer grievance redressal and reporting of complaints through multiple channels (website, phone banking, SMS, IVR etc.),
- Indicate the maximum liability devolving on the customer, if any, at the time of enrolling/registering customers and the responsibility of the customer to report any frauds while transacting,
- Bear the full liability in the event of any security breach or compromise in the authorised card network.
The authorised card network operators, may also facilitate participation of cardholders from other authorised card networks, through appropriate network level arrangements / agreements.
This directive is issued under Section 10(2) read with Section 18 of Payment and Settlement Systems Act 2007 (Act 51 of 2007).