Something for people who use a Visa or MasterCard credit/debit card to make online transactions in India.
Online transactions in India have always lagged behind those of other countries in terms of usage and demographic penetration because a lot of people are afraid that their credit card details will be misused if they divulge them online. The truth, of course, is that there is a greater chance of mischief occurring when you absent-mindedly hand over your card to the waiter in the restaurant than if it were used for an online transaction.
Anyway, there’s now a bit of news that ought to decrease the risk of fraudulent online transactions occurring in India. The Reserve Bank of India recently issued a directive asking banks and online vendors of Indian origin to beef up security for all credit card transactions that have a value of INR 5,000 or more. So whether you buy a home stereo system on eBay or book air tickets by calling up MakeMyTrip.com, you’ll need to provide an additional password for completing that transaction.
What is Verified by MasterCard / Visa
Effective August 1, 2009 (tomorrow), all online credit card and debit card transactions in India will require an extra level of verification.
Visa calls its service “Verified by Visa” (VBV), while MasterCard users will be offered “SecureCode”. A number of banks also refer to this as the 3D Secure service, so although the terminology might vary depending on the bank, the underlying principle is the same. This service, through a simple checkout process, confirms your identity when you make purchases on the Internet. Through a personal assurance message, it also reassures you of the authenticity of the online store.
While it was optional earlier, the RBI’s directive makes it mandatory effective 01 August 2009, for all online card transactions to be processed using these enhanced security procedures. While this means an additional verification step for a user, it most certainly brings yet another layer of security to the entire process.
How is 3D Secure Different?
As things stand, users authenticate an online payment by specifying details such as the name of the card holder, the expiry date of the card and the CVV2 number (usually the 3-digit number on the back of the card). This is all well and good while the credit card is in your possession, but it doesn’t offer any protection when your card winds up in the hands of an unscrupulous person.
That’s because all the details required to authenticate an online payment are already present on the card. So if someone has physical access to your card or even a photocopy of both sides of your card, they can always ensure that a transaction is validated even without your knowledge.
“Verified by Visa” and “MasterCard SecureCode” add an intermediate authentication step before the payment is authorized. Quite simply, you’re asked for a password. That password is something that only you would know, and it certainly will not appear on the card. So, even if your card is stolen, misplaced or misappropriated, online transactions above Rs. 5,000/- will NOT be validated without the correct password.
How to Register your Debit & Credit Card(s)
Registering your existing Visa/MasterCard debit and credit cards for the 3D Secure service is simple. You can either register for the “Verified by Visa” or “MasterCard SecureCode” service while you are shopping on the Internet, or you can visit your bank’s website right now and register all your cards.
If you have an add-on card for your spouse or relative, the card holder will have to register separately to create his/her own personal PIN. The PIN should be all numerals because it will also be used for IVR transactions that happen over the phone, and most phones don’t allow you to type letters or special characters.
If you have multiple debit or credit cards, you can assign the same Internet PIN to all these cards. For more information, visit your bank’s website – here are a few links of popular Indian banks & their information pages on these authentication services:
HDFC Bank, ICICI Bank, Citibank, HSBC Bank, Standard Chartered, State Bank of India, Axis Bank, ABN Amro, Deutsche Bank, Karur Vysya Bank
Set a Personal Greeting
Although certainly NOT foolproof, these systems do increase the security of online transactions. However, security experts in other countries differ on certain aspects of this system, citing the fact that phishing scams can quite easily garner the VbV password, thereby allowing fraudulent transactions. The risk is somewhat mitigated if you are careful about guarding your password, avoid clicking on links received in emails (type out the URL in your browser’s address bar instead) and, of course, use some basic common sense, such as performing financial transactions online only over a secure and verified HTTPS connection.
When you register your debit or credit card for Verified by Visa or MasterCard SecureCode, you will be asked to create a Personal Assurance Message – set this to something memorable (e.g., “my wife loves shopping at Macy’s”). Now when you pay online, this Personal Assurance Message will be displayed on the checkout page of the website to ensure that your bank is authenticating your transaction and not a phishing website.
By Shahrzaad M Parekh.
Find this article at: http://www.labnol.org/india/register-mastercard-visa-credit-cards-in-india/9310/
Reader Comments
It is amazing that in this day and age, the credit card companies still cannot offer us a one-time card number for a transaction. When shopping online, both we customers and vendors must be online. I should provide my info (including credit card # and password) only to my credit card company. They should issue a unique, one-time ‘card number’ that, along with the time (now) and the precise amount, the vendor can verify and “acquire” the transaction.
I remember that at one point American Express had this but then they stopped offering it. This scheme is so much safer, and a random vendor on the Internet will never get my real credit card info – and they should not.
Written by Dror Harari on 07.31.09
Now it will be easier for me to venture out a kiosk-based application in future, when/where all the credit cards (and probably debit cards too) would require no specialised PIN pad and card swipe device, which are too costly to start with! Now just a kiosk app with a good touch-screen tablet PC and a secure internet connection would do the job! lol ;-)
Written by Rakesh Waghela on 07.31.09
Thanks Sir, it’s really useful information. Does it also apply to ATM-cum-Debit Master Cards of HDFC?
Written by Prashant Jaiswal on 07.31.09
First of all, thanks Amit for bringing this piece of information to our notice.
Commenting on the previous poster, i.e. Dror Harari’s comment, I’m not sure if you are referring to something which I just discovered while registering my HDFC debit card on the HDFC website link provided by Amit in his blog.
Once I had registered my card, I was given an option to generate a limited-time Netsafe card. I was asked for a pre-defined limit. E.g., I set the limit to 20000. It then randomly generated a 16-digit card number, a CVV2 code and an expiry date (month/year actually) of Oct 2009. In the fine print there are 2 conflicting statements.
- It is to be used within 24 hours.
- In another place it says that the Netsafe card will expire in 2-3 days if not used.
Amit, I have a few questions now. Hopefully, you can answer.
- What is this Netsafe Card feature?
- Is it limited to HDFC, or is every bank offering it whenever somebody registers for the 3D Secure service?
- Can the 16-digit card number and CVV2 code that were generated be used as a credit card for online transactions on international websites? I was only trying to register my HDFC debit card for the 3D Secure service!
Thank you
Punit
Written by Punit Singh on 07.31.09
A cogent initiative from RBI! Hope this should help a lot of people in India to shop online! And well-versed article!
Written by Sandeep Swaminathan on 07.31.09
Thank you Amit for your useful and quite informative advice to all. I will proceed to obtain this additional security.
Written by pradeep ivon on 07.31.09
Very useful information Amit. Since I shop online pretty often, I ended up registering my Visa and Mastercard even before the 1 August deadline.
However a nice post.
Written by Ashwin on 08.01.09
My PayPal account has stopped working from Aug 1st due to card validation when I try to pay Godaddy.com (US-based) from India. Has anyone tried making international transactions? I have not yet registered with MasterCard SecureCode that you have mentioned, as I use the card for international transactions only.
Written by arun on 08.02.09
Well Ashwin, PayPal stopped working for me though I have been registered for SecureCode for ages.
Also, someone please enlighten us on what the policy for recurring payments will be. If each transaction has to go through this extra step, does it mean that there will be no support for recurring transactions like paying monthly bills?
Written by deeps on 08.03.09
I have been trying to make a payment on an international site for 2 days now and my card has been refused. I also tried using PayPal and the transaction kept on being denied. I registered with SecureCode a very long time ago as well. I rang the HDFC credit card number and they very unhelpfully told me that “Yes, we are having this problem with PayPal as they are not registering.” Apparently all websites that deal with any online Indian transactions also have to register. Does this make sense? I too have to make a couple of recurring payments. Are they going to be affected and is there a solution to this?
Written by Ashwin Mushran on 08.05.09