All New Debit/Credit Cards Must Be EMV & Pin Based From Sept 1, 2015 – RBI

Reserve Bank of India (RBI) has issued fresh notification, which mandates and instructs all banks to issue only EMV and Pin based debit and credit cards for their customers. The deadline for the implementation of this directive is September, 2015; and all new cards issued henceforth have to be under this new format.

These new guidelines have been issued under Section 18 read with Section 10(2) of the Payment and Settlement Systems Act, 2007 (Act 51 of 2007). The RBI notifications states, “Accordingly, banks are advised that with effect from September 1, 2015 all new cards issued –debit and credit, domestic and international — by banks shall be EMV chip and pin based cards,”

EMV stands for Euro pay MasterCard Visa, while PIN is acronym for Personal Identification Number.

RBI observed that several banks were still issuing cards with magnetic strips. This new rule governing the issuance of new debit/credit cards has been made mandatory to secure transactions and enhance security aspects of non-cash based transactions, which are exploding at an amazing pace. Besides, due to the rapid adaption of ecommerce, Card Not Present (CNP) transactions are also increasing, which are prone to frauds.

As per RBI, most of the point-of-sales terminals across the nation are now equipped to handle EMV and Pin based cards which makes it an appropriate time to initiate the change. Additionally, all debit cards now support ‘PIN based insertion system’ to carrying on transactions.

Hackers exploiting Starbucks app to steal money

 

If you're using the Starbucks App to pay for your coffee, now would be the time to take a step back and probably change your passwords. Starbucks Coffee has an app which a users can link to their credit card and pay their bills. Recently, hackers have found a way to exploit a vulnerability in the app to steam money. Starbucks has confirmed a few cases of customers funds being withdrawn from their app since it is linked to a credit card.

Although, Starbucks have assured that no personal data has been exposed but many users are now agitated as they are yet to issue a patch for the exploit. The company has said that users should choose strong passwords so as to not get hacked easily.

You can take a few precautions to avoid such situation. The easiest way is to just pay cash or use your actual credit card instead of the app to pay for your Starbucks bill. Another precaution you can take is unlink your card from your account and change the password of your Starbucks account before re-linking your card again.

RBI relaxes two-factor authentication for debit card transactions under Rs 2,000; but it won’t work on Uber

The Reserve Bank of India yesterday announced that two-factor authentication won’t be necessary for plastic transactions below Rs 2,000. This led many users to believe that they would finally be able to link their cards again on services like Uber. But that isn’t the case.

The new RBI guidelines relax the two-factor authentication process for small transactions valued under Rs 2,000. However, this relaxation is only for cases where the card is present and specifically for the new contactless NFC cards some banks have recently issued. With these cards, users don’t have to insert their card into the machine and just need to tap it to make a payment.

Uber, on the other hand, falls under card not present situation, where the credit or debit card is not physically present and the details are stored online with the service provider. The RBI has not made any relaxation for such situations. Earlier, the RBI had issued a draft circular to get suggestions whether it should relax additional factor authentication for small value transactions. This is the final circular, which means services like Uber will have to continue with mobile wallet or even cash payment solutions.

Last August, the RBI mandated Uber to implement two-factor authentication on its app for credit card transactions in India, which was the law in cases the credit card was not physically present at the time of transaction. In such cases, users are directed to another authentication website where they are required to either input a pre-defined password or request for a one-time password, which is delivered as an SMS on the registered mobile phone number.

In cases where the card was present, users have to input a PIN number as a second authentication before the transaction could be complete. Uber was trying to use a loophole that allowed companies outside India to go through online transactions without two-factor authentication. After calling the two-factor authentication cumbersome, Uber tied up with Paytm to use its mobile wallet and to fall in line with RBI’s guidelines.

SBI Launches NFC-Enabled Contactless Debit and Credit Cards

State Bank of India on Thursday joined its private sector rivals to launch contactless credit and debit cards with near field technology (NFC).

Called the SBIinTouch cards, these contactless debit and credit cards are more secure and hassle-free to use at merchant outlets or ATMs and use the NFC technology which enables users to make payments by waving or tapping the card near the contactless reader instead of swiping or dipping it.

Private lenders ICICI Bank and HDFC Bank have already launched such NFC cards.

Launching the cards, SBI chairperson Arundhati Bhattachrya said the bank has already issued 1.08 lakh new cards to its customers in the eight largest metros and the remaining customers will get the cards in the following months.

The bank has 2.5 lakh Point of Sale terminals, out of which 1 lakh in the top eight metros will be upgraded so that they are NFC-enabled, she said, adding that this upgrade will cost the bank under Rs. 2,500 for each machine.

"The NFC technology makes the contactless cards very secure as the card never leaves your hand thereby reducing the risk of card loss and fraud," she said.

Studies have shown that on an average contactless card transactions can be up to three times faster than cash payments, reducing queues at busy retail outlets, she added.

These cards come with a fraud liability cover of Rs. 1,00,000, managing director and group executive for national banking B Sriram said, adding that the cards will be issued by the bank's credit card arm SBI Card, which is a joint venture with GE Capital.

Sriram said the bank plans to introduce these cards in a phased manner and will be especially targeted towards fast-food outlets, coffee shops, supermarkets and cinema chains where customers like to make quick transactions.