Banks to bear liability in case of online security breach: RBI
The Reserve Bank of India (RBI) has clarified that banks will have to bear the full liability in the event of any security breach or compromise in the authorised card network.
Banks issuing the cards will offer the ‘payment authentication solutions’ of the respective card networks on an optional basis to their customers.
RBI held that
- Only authorised card networks will offer such payment authentication solutions with participation of card issuing and acquiring banks.
- For this purpose customer’s consent must be taken while making this solution available to them.
- Customers opting for this facility will go through a one-time registration process. They are required to enter card details and additional factor authentication by issuing bank.
- Thereafter, registered customers will not be required to re-enter card details for every transaction at merchant locations that offer this solution, thus save time and effort.
- The card details already registered will be the first factor while the credentials used to login to the solution would be the additional factor of authentication.
Besides, RBI also has relaxed additional factor authentication (AFA) norms for online transactions up to Rs. 2,000. This decision was taken in a move to save time for customers amid the government’s push for digitization of payments.