Security Issues and Risk mitigation measures related to Card Not Present (CNP) transactions

Last updated: 06 August 2011
 Notice Date : 04 August 2011

 RBI/2011-12/145

DPSS.PD.CO. No.223/02.14.003/2011-2012

August 04, 2011

 

The Chairman and Managing Director / Chief Executive Officers 

All Scheduled Commercial Banks including RRBs /

Urban Co-operative Banks / State Co-operative Banks /

District Central Co-operative Banks/Authorised Card Payment Networks

 

Madam / Dear Sir

 

Security Issues and Risk mitigation measures related to Card Not Present (CNP) transactions.

 

Please refer to our circular RBI/DPSS No. 1501 / 02.14.003 / 2008-2009 dated February 18, 2009 wherein a directive was issued making it mandatory for banks to put in place additional authentication / validation based on information not visible on the cards for all on-line card not present(CNP) transactions except IVR transactions from August 01, 2009. This mandate was extended to cover all IVR transactions with effect from February 01, 2011 vide our circular RBI/DPSS No. 1503 / 02.14.003 /2010-2011 dated December 31, 2010.

 

2. Banks had been advised vide para 4 of the directions contained in RBI/DPSS No. 1503 / 02.14.003 /2010-2011 dated December 31, 2010 to revert on the introduction of additional factor of authentication for certain category of  CNP transactions detailed therein. The matter was discussed in a meeting of banks with the Reserve Bank of India on June 22, 2011 wherein it was emphasizedby the Reserve Bank that while it was not advocating any specific solution in this regard, it is imperative that all CNP transactions are brought within the ambit of additional factor of authentication without further delay. To this end, banks were advised to evaluate possible alternatives at the earliest.Based on the feedback from the stakeholders and keeping in view the interest of card holders the following directions are issued:

  1. It is mandatory to put in place additional factor of authentication for all CNP transactions indicated in para 4 of our directions dated December 31, 2010 with effect from May 01, 2012.
  2. In case of customer complaint regarding issues, if any,arising out of transactions effected without the additional factor of authentication after the stipulated date, the issuer bank shall reimburse the loss to the customer further without demur.

 

3. The directive is issued under section 18 of Payment and Settlement Systems Act 2007, (Act 51 of 2007).

 

4. Please acknowledge receipt.

 

Yours faithfully,

Vijay Chugh

Chief General Manager.
 

Guest
Notification No : RBI/2011-12/145
Published in Others
Share Report Abuse
Summarize this with AI
ChatGPT Perplexity Claude Google AI Grok

CCI Pro Comments

CAclubindia's WhatsApp Groups Link

Other Latest Notification/Circulars


View More Notifications


Trending Online Classes

view all classess

CCI Pro
Meet our CAclubindia PRO Members
Subscribe Now

Follow us
add to google news


Browse by Category





Latest Job Openings

View all
Company
Featured 28 March 2026
Accountant

Ashok Amol & Associates

New Delhi

B.Com

View Details
Company
Featured 19 March 2026
Article Assistant

Gupta Sachdeva & Co. Chartered Accountants

New Delhi

CA Final

View Details
Company
Featured 14 March 2026
Associate CA

N N V Satish&co

Hyderabad

CA

View Details
Company
Featured 14 April 2026
GST CONSULTANT

Abhishek G Agrawal & Co.

Korba

CA Final

View Details
Company
Featured 13 April 2026
GST CONSULTANCY

Abhishek G Agrawal & Co.

Korba

CA Final

View Details
Company
Featured 28 March 2026
CA Final

Ashok Amol & Associates

New Delhi

CA Final

View Details
Company
Featured 14 March 2026
Article Trainee

N N V Satish&co

Hyderabad

CA Inter

View Details
Company
Featured 12 March 2026
Customer Relationship Executive

TAXLET

Calicut

B.Com

View Details