Reserve Bank of India (RBI), vide Circular dated 28.02.2013 on “Security and Risk Mitigation Measures for Electronic Payment Transactions”, has directed banks to put in place the following safety measures for Credit and Debit Card Transactions:
• All new debit and credit cards to be issued only for domestic usage unless international use is specifically sought by the customer. Such cards enabling international usage will have to be essentially EMV Chip and PIN enabled. (By June 30, 2013).
• Issuing banks should convert all existing Magstripe cards to EMV Chip cards for all customers who have used their cards internationally at least once (for/through e-commerce/ATM/POS) (By June 30, 2013).
• All the active Magstripe international cards issued by banks should have a threshold limit for international usage. The threshold should be determined by the banks based on the risk profile of the customer and accepted by the customer (By June 30, 2013).
• Banks should ensure that the terminals installed at the merchants for capturing card payments (including the double swipe terminals used) should be certified for PCI-DSS (Payment Card Industry – Data Security Standards) and PA-DSS (Payment Applications – Data Security Standards) (By June 30, 2013).
• Banks should frame rules based on the transaction pattern of the usage of cards by the customers in coordination with the authorized card payment networks for arresting fraud (By June 30, 2013).
• Banks should ensure that all acquiring infrastructure that is currently operational on IP (Internet Protocol) based solutions is mandatorily made to go through PCI-DSS and PA-DSS certification. This should include acquirers, processors/aggregators and large merchants (By June 30, 2013).
• Banks should move towards a real-time fraud monitoring system at the earliest.
• Banks should provide easier methods (like SMS) for the customer to block his card and get a confirmation to that effect after blocking the card.
• Banks should move towards a system that facilitates implementation of an additional factor of authentication for cards issued in India and used internationally (transactions acquired by banks located abroad).
After discussions with banks, the RBI had issued the guidelines vide Circular dated 28.02.2013 on “Security and Risk Mitigation Measures for Electronic Payment Transactions”.