Delhi HC seeks response from RBI on protection of online transactions

At a time when the Centre is encouraging people to adopt digital transactions, some banks are allegedly not enforcing RBI directions to provide an additional authentication system for online transactions. The Delhi High Court has decided to examine the issue to protect consumers from rising incidents of credit card fraud.

Under additional authentication system, banks are supposed to send one time password(OTP) to card-holder which is to be used for transaction and it is meant to ensure that card is not misused by other person when it is lost. RBI has been asking the banks to adopt second level of authentication and issued several circulars from 2009 onwards to implement it.

Alleging that some of the banks including HDFC are not providing additional protection layer for consumers, a Supreme Court lawyer has approached Delhi High Court for its implementation. The lawyer pleaded the court to direct RBI to ensure compliance of its circulars. He approached the court after HDFC had deducted excess amount in his online transaction while booking hotel room through a website without taking his consent and without sending OTP before deducting the amount.

"The case pertains to complete failure of RBI to implement its notifications/ circulars issued in 2009, 2010, 2011 and 2014 mandating the use of an additional authentication / validation system also referred to as second level authentication for online card not present (CNP) transactions. The additional authentication / validation is to be obtained using information that is not visible on the credit card itself, i.e. information known or available to the holder of the card but not printed on the card. One time passwords, internet banking passwords are second level authentication," the petitioner advocate Chirag Shroff said.

He said that CNP transactions could be vulnerable to fraudulent activities since it was difficult for merchants to verify whether the person buying a product or service using the card was actually authorized to use it as anyone privy to the information printed on card could enter the details. "In such transactions where second level of authentication is not followed by banks, only credit card number and CVV is required to be provided on the website and in case of any loss or theft of the card anyone can enter these details and carry out unauthorised transactions," he said.

Agreeing to hear his plea, a bench of Justice Rajiv Shakdher issued notice to RBI and HDFC for allegedly not putting in place authentication system for online transactions.

Responding to the legal notice sent by the lawyer for unauthorised deduction, HDFC had taken the stand that the requirement of second level of authentication was applicable for online transactions done with Indian company and his transaction was through foreign website. The bank, however, refunded the amount to him.

People are increasingly using the mode of digital transactions and Centre has set a target of of 25 billion digital transactions in the currrent fiscal year. According to a report on digital payments in India, total payments via digital instruments are expected to touch $500 billion by 2020. As per the RBI report transactions through digital means rose to Rs 124.69 trillion and the number of such transactions was 865.8 million in September last year. #casansaar (Source - PTI, Times of India)