Credit cardholders in India starting Saturday must enter a passcode whenever they make a transaction by phone under new regulations the country’s central bank announced Dec. 24.
Effective Jan. 1, banks in India must decline any transactions initiated by phone, including those using automated Interactive Voice Response systems, if the customer does not have and use a one-time passcode, according to the Reserve Bank of India.
The central bank initiated the policy as a safeguard against credit card fraud, the banking authority says.
Cardholders will have to register for the service with their bank, which will send requested passcodes only to the customer’s registered mobile-phone number and e-mail address.
Credit cardholders of Indian banks already go through one level of security by entering their card details to proceed by phone with any inquiries or transactions on their accounts. Now before keying in the one-time passcode, the cardholder must use the phone's keypad to enter at least four other numbers for authentication–the 16-digit card number, the card’s expiration date, the card verification value or card validation code, and his mobile number.
The one-time passcode is valid only for two hours, and cardholders would need to request a separate one-time passcode for each transaction, according to the guidelines.
Merchants that support shopping by phone and want to accept, say, a Citibank card, would redirect the call to Citi’s voice-response system for authentication before the call is returned to the merchant to complete the transaction.
Last year, the central bank required banks to provide their customers an additional security layer for all credit card transactions conducted over Internet (
What do you think about this? Send us your feedback.
