In case you have never used your debit or credit card for online transactions, then note down the date of March 16, 2020, as one of the most important dates. The online or contactless transactions facility will be mandatorily disabled on your debit or credit card on March 16 if you have never used it for such transactions.
In January 2020, RBI issued a notification issuing new rules for credit and debit cards to improve user convenience and increase the security of card transactions. It further asks card issuers to disable online transactions and contactless payment services of all those credit and debit cards that have never been used for an online or contactless transaction. Cardholders now have only time till March 16 to use such cards for online, contactless transactions to stop them from being disabled for these transactions.
What is a Contactless Transaction or Contactless Credit and Debit Card?
A contactless transaction occurs when someone buys products or services via debit or credit card using radio frequency identification (RFID) technology-enabled on the cards.
If your card came with a WiFi symbol on it, you own a contactless card. You can make payments without having to physically swipe the card. All you need to do is tap the card at a PoS terminal that is equipped with the contactless payment technology. However, since a PIN or security code is not required in case of such payments, the transaction being made by this mode is usually limited.
Contactless cards work when the card is within 4cm of the card reader and the contactless payment terminal can only process one transaction at a time. Because your contactless cards don’t leave your hand during the transaction, hence, you remain in control of your card at all times.
Recent cases on breach of security of Credit and debit card in India
According to the RBI’s annual report on trends and progress in banking, banks reported 1,866 fraud cases worth Rs 71 crore related to cards and internet banking, in 2018-19. Recent cases prove the level of loopholes:
- Some time back, approximately millions of credit and debit card details of Indian banks were reportedly leaked and put up for sale on a website for stolen card details. Hence, in October 2019, RBI directed all banks to secure their customer’s card data.
- Another major breach had taken place in October 2016 when more than 3 million credit and debit card details of Indian banks were compromised.
RBI Notification on January 15, 2020 – Enhancing Security of Card Transactions
Over the years, the volume and value of transactions made through cards have increased manifold. Hence, RBI issued the directions in this regard under Section 10(2) of the Payment and Settlement Systems Act, 2007 and shall come into effect from March 16, 2020, to improve user convenience and increase the security of card transactions. RBI decided as follows:
- At the time of issue / re-issue, all cards (physical and virtual) shall be enabled for use only at contact-based points of usage like ATMs and Point of Sale (PoS) devices within India.
- For existing cards, the issuers may decide, based on their risk perception, whether to disable the card not present (domestic and international) transactions, card-present (international) transactions and contactless transaction rights.
However, existing cards that have never been used for online, international or in contactless transactions, will see such facilities disabled mandatorily.
Facilities to be provided by the issuer to all cardholders
The issuers shall provide to all cardholders:
- facility to switch on / off and set/modify transaction limits (within the overall card limit, if any, set by the issuer) for all types of transactions – domestic and international, at PoS / ATMs / online transactions / contactless transactions, etc.;
- the above facility on a 24×7 basis through multiple channels – mobile application/internet banking / ATMs / Interactive Voice Response (IVR); this may also be offered at branches/offices;
- alerts/information/status, etc., through SMS / e-mail, as and when there is any change in the status of the card.
- These rules will be applicable to new cards from 16 March 2020. Those with old cards can decide whether to disable any of these features.
- The provisions of the above directions are not mandatory for prepaid gift cards and those used at mass transit systems.
In short, after March 16th, any debit or credit card can be blocked for online services. Once blocked, the cardholder will need to reapply for a cashless payment feature on the debit/credit card. This blocking of debit/credit cards will begin after March 16th.
If a customer wishes to use these facilities, then they will have to apply to the bank for the same.
Hence, it is highly advisable by RBI to customers to use their cards for online and contactless transactions before 16th March 2020 if they want to retain these services.
India has seen a number of instances where card information has been leaked by hackers internationally. While the data leak is yet to lead to any major financial losses for customers, it still encouraged the RBI to review security measures. These directions by RBI assume significance amid rising instances of cyber frauds. It will further improve user convenience and increase the security of card transactions.