Ancient cities had walls and gates to act as a checkpoint for defence, taxation, health, safety, etc. These gates would typically be locked after sunset to prevent unauthorised people from entering, and more important, to guard against a surprise enemy attack. Modern cities are more open. While toll plazas and tax checkpoints do exist, cities are open and usually allow for free movement within the country.
Payment systems are like modern cities. You know you can trust your fellow citizens, but are always careful about outsiders. These provide seamless connectivity to fulfil transactions, but every checkpoint clogs the system and increases transaction failure rate.
Currently, a big impediment to ‘pay as you go’ is the requirement of additional factor of authentication (AFA), which is typically a one-time password (OTP) received via SMS.
In that context, the recent move by Reserve Bank of India to give consumers an option to waive off AFA for transactions below R2,000 is laudable. This is bound reduce drop rates, and hence accelerate adoption of digital payments in a currency-strapped economy.
You may also like to watch this video:
So, what are the pros and cons?
The biggest gainers will be merchants offering low-value goods and services, like taxi aggregators, ticket booking sites, small value e-tailers, etc. Imagine yourself booking a taxi with your pre-registered credit/debit card and stepping out at your destination without waiting for the bill to be presented and OTP for online payment. It is as frictionless as it can get. There could be a million more use cases.
Now, for the risks. A card number without OTP could be misused by a rogue merchant to debit your card account without authorisation. Worse, your card number could be used at an overseas website or store, which may not be mandated to follow AFA. Of course, you have recourse to standard chargeback process, but then this is an inherently risky affair for all parties concerned, i.e, the consumer and her issuing bank.
The point to be noted is that the same misuse of card information can also occur at an Indian website or store, but here’s where the cybercrime enforcement comes into play. If the merchant/IP address is within India, local cybercrime enforcement officials can at least trace and try to apprehend the culprits. However, if the criminal is sitting overseas, matters become very complicated. International cybercrime protocols are yet to be formalised, and again, establishing the entire crime trail could be an exercise in futility.
Here’s what your banks and card associations could do to protect you from the unknown international risks:
w Ensure that every merchant using online payments is issued a common PAN-like ID number and is fully KYC-ed and verified;
w Ensure that the merchant contact details are regularly updated and monitoring checks are in place to ensure validity and correctness of information;
w Rather than providing the cardholder an ‘opt out’ option from international payments, have an ‘opt in’ option, i.e, by default all cards are deactivated at international merchants unless specifically requested for by the cardholder;
w Ensure a user-friendly intuitive ‘opt out’ service for cardholders to cancel the waiver and revert to AFA required;
w Educate cardholders about risks and benefits in online transactions and incentivise good behaviour in the form of better credit ratings, etc;
w Have a transparent and time-bound chargeback process, where the cardholder gets credit back into the account instantly for proven disputed transactions.
Cities thrive on efficiency, which is based on the assumption of safety and security. Similarly, if payment systems can guarantee that to all stakeholders, there is no reason why the dream of a less-cash India cannot be achieved.
The author is CFO, TechProcess Payment Services. Views are personal