scorecardresearch
New credit card password kicks in for phone banking

New credit card password kicks in for phone banking

Under RBI guidelines, all banks will mandatorily decline any telephonic banking transactions where customers do not have a one-time password for such services.

With the onset of the new year, credit card customers would have to furnish an additional password for any transactions conducted over phone.

These steps have been taken after the Reserve Bank of India (RBI) introduced new guidelines for making phone banking more secure.

According to the RBI guidelines, all banks will mandatorily decline any telephonic banking transactions, including the automated IVR (interactive voice response) services, where the customers do not have a one-time password (OTP) for such services, with effect from January 1.

OTP will be valid for a single use and would remain in effect for a period of two hours. Customers would need to generate a separate OTP for each IVR transaction. The new step has been taken as a safeguard against credit card frauds. There has been an uptick in credit card frauds where lost or stolen cards can be used by anyone.

For transactions where cards are required to be presented physically, RBI has already made an identity verification mandatory and the signature also needs to be matched with that on the card. However, phone and Internet banking have been grey areas in terms of their misuse.

The added security layer for phone banking follows a similar step taken by the banks for Internet banking transactions. Earlier this year, RBI had made it mandatory for banks to provide their customers an additional security layer for all the credit card transactions conducted over Internet.

Banks like Citibank and HDFC Bank have already asked their customers to get the OTP for their phone banking transactions and others are in the process of doing so. Banking sector experts said those customers who do not get an OTP before January 1, will be prompted to get one whenever they initiate a phone banking transaction.

"Starting January 1, 2011, these ( IVR) transactions need to be authenticated with an additional password. This is mandatory as per the RBI guideline," HDFC Bank said in a circular to its credit card customers.

The password will be sent only to the registered mobile number and email address of the customer.

After the new security layer, the customers would need at least five numbers to conduct a credit card transaction over phone, including the 16-digit card number, card expiry date, CVV (card verification value which is printed on the back of the card) number, mobile number and the OTP.