What changed
Previously, additional authentication was required only for online card-not-present transactions, excluding IVR. Now, after discussions with banks and card companies, RBI has decided to include IVR transactions as well. The new requirement takes effect from January 1, 2011.
What it means for you
Banks must update their IVR systems to support additional authentication, such as one-time passwords or other verification methods not visible on the card. This will reduce fraud risk but may require system upgrades and customer education. Non-compliance could lead to penalties under the Payment and Settlement Systems Act.
What you must do
- Implement additional authentication for all card-not-present transactions including IVR by January 1, 2011.
- Update IVR systems to support verification based on information not visible on the card.
- Ensure compliance with the circular to avoid penalties under the Payment and Settlement Systems Act, 2007.
- Acknowledge receipt of this circular to RBI.
Who it affects
All scheduled commercial banks including RRBs, Urban co-operative banks, State co-operative banks, District central co-operative banks, Card companies
What is the effective date for this new requirement?
The additional authentication for IVR transactions must be implemented from January 1, 2011.
What happens if a bank does not comply?
Non-adherence to these directions will attract penalties prescribed under the Payment and Settlement Systems Act, 2007.