How the New RBI Card Security Rules can help be a sigh of Relief for Women

Empowering women over the years has been a concern in India where the gender disparity is huge. One of the many aspects of empowering women can be their financial independence. The free will to choose something is fundamental, but a far-fetched dream for any woman. 

Women Need Finance and Finance Needs Women

The availability of income at their disposal can help women to spend wisely for the needs they have like higher education, can deposit in various schemes or for daily usage. Women usually are said to save more for expenses that can surprisingly occur, which make them reliable customers for banks.

Growth of Digital Payments & Solutions 

Digitalization of payments has been a new trend to the economy henceforth making it necessary for women also to be aware and educated. We are a click or a swipe away from getting anything online or in person, which has paved the way for many debit and credit card frauds. 

card transactions

What could be the use case?

We have heard woes from different women who need to handle the pressure of the security and safety aspects of the electronic payment cards(debit/credit) while managing the core chores as well. There are stories we listened to and instances we faced ourselves. On one unfortunate day, we may get an SMS/email notification about an X amount spent on our card without even our knowledge in a time during which we may not even pay attention to our mobile devices. Sometimes we may also miss the ‘report within’ timeline to report a fraudulent transaction. But do we need to bear all this hassle? Reporting a fraudulent transaction, filing FIR(if requested), validation of the case by the financial institution(which again comes with a lot of TnCs), and following up are other aspects of the hassle story. A question arises – Is there a way we can happily and fearlessly use the payment systems and still have control on our cards? There are options available, but for now let us focus on the payment cards in discussion. 

Security aspects that we can consider

  1. After using our card for online transactions, we never know where our card data is stored and who is misusing it. Recent news of the credit/debit card data available publicly is one example of this. We may be secure, but we never know at which point of the payment platform our details are getting leaked or stolen. 
  2. International credit transactions happen without the need for extra authentication – this is a pain point if card data theft happens as shared in point 1. 
  3. We may share our card details with family/children, and we may not be sure what happens after that.
  4. While digital platforms provide solutions at our comfort, they also need some attention, especially with contactless technology. We may lose our card, and things can go out of control if it is a Paywave NFC card(doesn’t need pin authentication for payments). 

 

These are some basic scenarios which we can infer in general cases. Things may go strange and sometimes out of imagination when fraudsters come up with new ways to steal. 

To address specific issues, improve user convenience and increase the security of transactions, the RBI has issued new regulations to all the banks on card transactions which would come in effect from March 16, 2020. 

We would now try to decode and explain in simple terms how these regulations would help us in real case scenarios.

Before we get started, you need to know the basic card terminology to understand the implementations RBI has kept forward.

  • ATM/PoS: Basic everyday used words. PoS machines – You pay for shopping/grocery/spa, and your card is PIN authenticated using this machine. In simple terms, you pay for your purchases using the card physically present method in combination with your PIN. Some latest PoS machines also come with contactless technology which is for Paywave cards(PIN is not required, but just the card contact with the machine). 
  • Card Not Present Transactions: Online transactions, where your card details are enough and physical card presence is not required for the transaction. As in, you buy something from an online shopping store, and you just need the card details(Number, expiry date, CVV) and not the card physically. 
  • Domestic Transactions: Transactions, Payments which happen in India, and are bound to Indian guidelines.
  • International Transactions: While we are not going into the depth of scope and definition of ‘International Transaction’ for consumer purposes, to explain in simple terms, payments, transactions where the money transfer crosses national borders. 

 

Now, coming to the guidelines issued:

1. At the time of issue / re-issue, all cards (physical and virtual) shall be enabled for use only at contact-based points of usage within India.  

Simply Put: You got a new card, and by default, this card only works at ATMs and PoS machines when you present the card physically and authenticate the transaction with the PIN. You cannot use this card by default at contactless, card not present transactions for domestic or international transactions. The card issuers shall provide a facility for enabling these restricted facilities on cardholders’ request.  

So, you do not need to worry about other transactions if you go by traditional purchase ways using PoS or money withdrawals at ATMs by presenting the card physically.

2. For existing cards: Card issuers may take a decision based on risk perception. Existing cards which have never been used for online (card not present) / international / contactless transactions shall be mandatorily disabled for this purpose. 

Simply Put: So, you already have a card and never used – card not present, international or contactless transactions – These facilities enabled on your card will now be disabled. If you previously used any of the above transaction methods, your card issuer may take a call based on the risk perception. Not to worry, your card issuer will give you options to enable or disable these facilities.

3. Additionally, the issuers shall provide to all cardholders: 

  1. facility to switch on / off and set / modify transaction limits (within the overall card limit, if any, set by the issuer) for all types of transactions – domestic and international, at PoS / ATMs / online transactions / contactless transactions, etc.; 
  2. the above facility on a 24×7 basis through multiple channels – mobile application / internet banking / ATMs / Interactive Voice Response (IVR); this may also be offered at branches / offices; 
  3. alerts / information / status, etc., through SMS / e-mail, as and when there is any change in status of the card. 

 

Simply Put: Suppose, you have a total balance/credit Limit of 50,000 in your account/card. You will now have an option to limit yourself or set limits on your transactions.
Example: You self-set a limit of 10,000 on your card and try to pay for a purchase of 10,001, the transaction will fail automatically. Any transaction equal to or below 10,000 would only be processed.

Simply Put: You can disable or enable your card for any transactions. You can set, or modify limits within the total limit of your cards for any kind of transaction* which we have already discussed. It is something like you temporarily switch off the transactional functionality on your card. You can enable whenever you need it. You are totally in control. This facility will be provided to you by your bank 24by7 through multiple channels – mobile application / internet banking / ATMs / Interactive Voice Response (IVR). 
Example: You envisage there are no expenses or transactions for the next 15 days in the month, you can simply disable your card transactions and rest assured. For safety purposes, if you feel, you only need Rs 2000 as a transactional limit you can set it as per your convenience. But don’t forget to change/update the self-set limit if you need to transact a higher value purchase successfully.

Simply put: You will be notified with alerts/information through SMS/email if there is any change in status on the card. You will get the limit set, modify, disable, enable confirmation messages and emails.

4. The provisions of the RBI circular are not mandatory for prepaid gift cards and those used at mass transit systems.

Possible Use Cases:

  1. You can now set a transactional limit of your choice and give it to your child/children when they go on a vacation and control the spending within each transactional limit. You can even modify the limit if requested at any time of the day. 
  2. You can have control over the transactional limit within the total limit on your card. 
  3. Card Not Found – You can temporarily disable/block the transactions immediately using the App. 
  4. Only disable domestic transactions; only disable international transactions.
  5. Self-set limit on the card transactions and be in real spending senses. 
  6. Self-set small limit and never worry about the surprises of high-value fraudulent transactions. Even if there is one, it will be in your ceiling limit, and you can report the same to the bank.

A Real World example to cite:

We also do have a real-world example with us to share our experience.
Financial Institution: Citi Bank IN
Card Type: Credit Card

An example of the existing practices by Citi Bank and how enabling the daily self-set limit feature helped us save ourselves unknowingly from a fraudulent transaction.

What is the preventive measure we have taken before the misshapen: Self Set daily spending limit to Rs 5,000 from the overall limit of Rs 1,89,000.

On the night of the incident: 

  1. A fraudster tried to validate the card by doing a 1$ transaction at an international payment solution. Being an international transaction, it got processed without OTP authentication, and the transaction got successfully processed as it is within self-set limits. 
  2. Fraudster got confirmation, became greedy and tried to process a transaction for Rs 18,000. Now that this transaction is above and beyond my self set daily transaction limit of Rs 5,000, it failed. After multiple attempts, the fraudster gave up. (Next day, when I woke up, I was able to notice and understand all this activity of the fraudster only through the SMS communication from the bank) 
  3. Next day, on the early working hours, I reported the incident to Citi to investigate the fraudulent transactions.

 

The same may not be the experience with everyone. You may have a pleasant experience just like ours or end up paying for a fraudulent transaction for not meeting the terms and conditions requirements.

Reaffirmation: Instead of cries later, it is better to spend a few minutes prior, enable the security features provided by the financial institutions and rest assured. We never know how bad things can turn.

For now, this analysis is just about the card transactions, and we shall discuss in another story about other payment, wallet, and UPI solutions. So, starting 16 March 2020, we hope the card issuers will provision or enable the RBI decided security features on the cards that we can make use of for our own good!

Indeed this will be a safety for all the payments we do online and in cases of card theft. With the percentage increase of women working in rural and urban India, these provisions will help them get better access to facilities with the amplified security it promises. Though these are security guidelines which cater to a larger audience in general, women would especially feel safe and secure transacting via cards, by being stress-free and love to be within control, thereby avoiding panicking and suggestion seeking situations. Do you agree? Do share your thoughts via comments, and we would be happy to read!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.