BENGALURU: Despite the Reserve Bank of India permitting single-factor authentication for transactions below Rs 2,000 in December 2016, we still cannot use credit cards to pay for shared cabs, nor can we buy a burger without keying in a four-digit password into the swipe machine.
Banks are wary of allowing this, and therefore still insist that we enter the debit/credit card number, CVV, expiry date and finally the PIN or an OTP. They say that while they trust their own security and platforms, they are not very confident of the merchant sites their customers visit.
“While RBI has permitted single-factor authentication, ultimately the onus is on banks. It is our risk appetite; our ability to handle online frauds. As a bank we spend crores of rupees on IT infrastructure and security, whereas e-commerce players spend a fraction of what we do on security. Incidents like the Zomato data breach and others have only reinforced the need for banks to be over-cautious and continue following two-factor authentication,” said a top official at SBI.
Shared cab operators like Uber were among those who had lobbied strongly for single-factor authentication for small transactions. Globally, credit cards are the primary payment method in Uber. This was the case in India too when they started operations, but Uber had to introduce the Paytm wallet option when two-factor authentication became mandatory and credit cards would no longer work.
Kotak Mahindra is the only bank that has permitted single-factor authentication, and it has done it for select merchants, including BookMyShow, Swiggy, redBus, Amazon, Flipkart, Tata Sky, and BigBasket. “For banks, it is a balance between convenience and security. We take our customer’s data and privacy very seriously. Recently, to provide convenience to customers, we have enabled single-factor authentication across select trusted merchants for transactions up to Rs 2,000 while paying through net banking. However, this option is only for our customers who are comfortable with the idea of a single-factor authentication,” said Deepak Sharma, chief digital officer, Kotak Mahindra Bank.
Source by timesofindia.indiatimes..Share: