): Government has launched Debit Cards with functionality of National Common Mobility Card (NCMC), for enabling digital payment in Metros and Bus Services. Further, steps have been taken for enhancing the security features of the Debit/Credit cards for promotion of digital payments. Details of steps taken for security of card transactions are in Annexure.
(b) and (c): Efforts are being taken to internationalize the RuPay Card and BHIM UPI as given below:
• RBI has enabled acceptance of Discover and Diners Club Cards at ATM’s and at POS terminals in India and issuance of RuPay Global EMV Chip and PIN cards to be accepted across terminal of Discover Financial Services (DFS) network internationally.
• RBI has enabled acceptance of Japan Credit Bureau (JCB) Cards on ATMs and POS terminals in India and issuance of RuPay Global Cards for acceptance through the JCB global network for ATM and POS transactions.
• NPCI is conducting pilot studies, for RuPay in Bhutan and BHIM UPI acceptance in Singapore.
******
Annexure
Steps taken for security of card transactions
Reserve Bank of India (RBI) has issued various instructions in respect of security and risk mitigation measures related to card transactions which are as follows:
a. Banks have been advised to provide online alerts for all card transactions [Card Present (CP) and Card Not Present (CNP)] (Cir. DPSS. CO. PD 2224/02.14.003/2010-2011 dated March 29, 2011).
b. RBI has also issued circulars dated September 22, 2011, February 28, 2013 and June 24, 2013 for securing electronic (online and e-banking) transactions advising banks to introduce additional security measures as under:
• All new debit cards and credit cards to be issued only for domestic usage unless international use is specifically sought by the customers. Such cards enabling international usage will have to essentially be EMV Chip and PIN enabled.
• Banks should ensure that the terminals installed at the merchants for capturing card payments (including the double swipe terminals used) should be certified for PCI-DSS (Payment Card Industry-Data Security Standards) and PA-DSS (Payment Applications-Data Security Standards).
• Banks should ensure that all acquiring infrastructure that is currently operational on IP (Internet Protocol) based solutions are mandatorily made to go through PCI-DSS and PA-DSS certification. This should include acquirers, processors / aggregators and large merchants.
c. All banks had been advised to convert all existing Magstripe cards issued by them to EMV Chip and PIN cards (Cir. DPSS.CO.PD.No.448/02.14.003/2015-16 dated August 27, 2015).
d. RBI has directed banks to mandatorily put in place Additional Factor of Authentication (AFA) for all CNP transactions with effect from May 1, 2012, failing which the issuer bank shall reimburse the loss to the customer further without demur (Cir. DPSS.PD.CO. No.223/02.14.003/2011-2012 dated August 04, 2011).
e. All authorised card payment networks are permitted to offer card tokenisation services to any token requestor (i.e., third party app provider), subject to certain conditions. All extant instructions of RBI on safety and security of card transactions, Including the mandate for Additional Factor of Authentication (AFA) / PIN entry shall be applicable for tokenised card transactions also (Cir. DPSS.CO.PD No.1463/02.14.003/2018-19) dated January 08, 2019).
RBI, vide circular DPSS.CO.PD.No. / 2895 / 02.10.002 / 2015-2016 dated May 26, 2016 on ‘ATMs - Security and Risk Mitigation Measures for Card Present (CP) Transactions’, has advised the banks and White Label ATM Operators (WLAOs) to ensure that all the existing ATMs installed / operated by them are enabled for processing of EMV Chip and PIN cards. Also, all new ATMs shall necessarily be enabled for EMV Chip and PIN processing from inception. Further, in order to ensure uniformity in card payments ecosystem, banks shall also implement the above requirements at their micro-ATMs which are enabled to handle card-based payments.
******
Download PDF Files
