Anti-fraud card curbs and headache
Rising instances of fraudulent online transactions have prompted banks to disable many debit and credit cards by default. Customers have to go through a “tedious” process of reactivating the cards through Net or mobile banking, or through relationship managers with an option to deactivate them when they are not needed.
Bank officials said customers could use deactivated cards to make payments at retail outlets or withdraw cash from ATMs. But a customer has to get such a card reactivated if he or she wants to use it to make an online payment.
Banks — public and private — are disabling cards to prevent fraudulent online transactions or contactless payment. Once a card is disabled, alerts are sent through SMS and email to the account holder.
According to Reserve Bank of India’s January 15 circular, cards that have not been used for online or international transactions will be mandatorily disabled. In other cases, banks will take a decision based on risk perception of cardholders.
Bank officials and financial technology experts concede that the process to get a card reactivated is tedious but they say allowing customers the freedom to switch on and off their debit or credit card is crucial, and the best option available globally, to prevent fraud.
RBI data shows the number of reported fraud cases for card and Internet-based transactions has increased from 1,866 in 2018-19 to 2,678 in 2019-20. The amount involved has risen from Rs 71 crore to Rs 195 crore.
The first quarter of the current fiscal (April to June), much of which coincided with the nationwide lockdown, saw a rise in the dependence on online transactions. The number of reported fraud cases stood at 530 during the period, involving Rs 27 crore.
“The decision (to deactivate cards) is based on an RBI directive in January. Banks are gradually rolling this out…. What we have seen in many European countries is that transactions are not OTP-based and payments can be made by simply swiping the card or in a contact-less manner through Near Field Communications technology. Even if there is a two-factor authentication, it is not difficult for fraudsters to secure OTP through skimming and cloning or simply misleading the customer,” said a State Bank of India official.
“If a fraud is committed in India, it is easy for banks and RBI to track it and take action. But, if the card is used overseas without the knowledge of the cardholder, it becomes difficult to track. So the RBI’s move to allow a manual toggle for online and international transactions is a preventive measure,” said an HDFC Bank official.
“On the face of it, this seems to be an inconvenience to customers but, through this, they are in complete control of the security of their cards. RBI nowhere has said that the liability is now on the customer to manage the fraud. They are only bringing this as an additional security feature. The process will be made easier going forward with technology,” said Rajesh Mirjankar, MD and CEO, Infrasoft Technologies, a Mumbai-headquartered firm that has partnered with banks to offer application-based solutions for this purpose.
Several banks such as SBI, Axis, ICICI and HDFC have rolled out this option to easily toggle between activating and deactivating a card. More banks are set to follow.
“The idea is to be omnichannel when it comes to security. In the next phase chatbots and voicebots (such as Alexa)-based solutions are being rolled out. Artificial intelligence will also be used in future to validate digital transactions based on past mandates of the customer,” said Mirjankar.