Credit cards displayed for a photograph. (Photographer: Daniel Acker/Bloomberg)

Now Skip The PIN For Online Card Payments Up To Rs 2,000

The Reserve Bank of India has allowed banks to give retail customers the option to complete card-not-present transactions worth less than Rs 2,000 without having to enter an additional factor of authentication, or the PIN code, according to a notification on its website.

A card-not-present transaction is one in which a customer does not physically present a card to a merchant. A common example is a purchase made on an e-commerce website using either a debit or a credit card.

It’s in pretty early stages and we still need to get more details on the change. What we understand is that customers can register for this service with the second factor (authentication) and the subsequent online transactions up to Rs 2,000 can be done without the additional factor. This will help grow digital payments further. 
Sangram Singh, Head - Cards & Payments, Axis Bank to BloombergQuint

What Is Two-Factor Authentication?

Also known as multi-factor authentication, this is a security feature that accompanies all online payments in India. The first level of authentication is a customer’s card details – the card number, the secure three-digit number on the back of the card, and the customer’s name.

In a standard purchase on an e-commerce website using a debit card, if a customer is using the website for the first time, he or she will have to enter the details that have been listed above. Once this is done, and a purchase is being made, the card network operator offers a payment gateway to complete the transaction.

It is here that the second factor authentication needs to be fed in. This is either a 3D PIN, a one-time password, or an ATM (automated teller machine) PIN. The image below is an instance of the payment gateway.

The second factor authentication that is asked for when making transactions online. (Screenshot of a website page)
The second factor authentication that is asked for when making transactions online. (Screenshot of a website page)
With respect to an online payment through card, what we do is organise the gateway. Now, once the registration is done by a customer with their bank, the second factor authentication will be done away with for transactions less than Rs 2,000.
Porush Singh, Division President-South Asia, Mastercard to BloombergQuint

It is still not clear how this service will be made available to customers since the RBI has stipulated that a customer must still be provided with the option of using the two-factor authentication.

“...even for transaction values below this limit, the customer may choose to make payment using other forms of AFA (additional factor authentication) as hitherto,” the RBI said.

The central bank has also advised banks and authorised card networks to bear full liability in the event of a security breach or compromise in the network. This gains importance in light of an event that occurred earlier this year, where more than 30 lakh debit cards of different banks were compromised.