Reserve Bank relaxes mandate of Additional Factor of Authentication (AFA) for small value card present transactions using contactless technology
The Reserve Bank has today released the final circular on the relaxation in requirement of additional factor of authentication (AFA) for small value card present transactions for values up to ₹ 2,000/- per transaction across all merchant categories. This is in line with the Reserve Bank’s approach to enhance customer convenience while ensuring security in card based transactions.
Banks have been advised to put in place suitable velocity checks (i.e., how many such small value transactions will be allowed in a day / week / month) as considered appropriate.
Banks have also been advised to create awareness among customers about the use of contactless cards, its acceptability, the risks and liability, if any devolving on the customers, at the time of issuance of such cards.
Customers may look for the “contactless” logo on the card as well as at the merchant location so that they can distinguish such cards from other cards available with them and also identify the locations where contactless payments are accepted.
As these cards will continue to be chip cards, customers may use them, irrespective of value, as a regular chip card and authenticate the transaction with a PIN as hitherto. If the customer, however, chooses to use the card for contactless payments, then PIN authentication may not be necessary for transactions up to ₹ 2,000/-.
To ensure inter-operability and facilitate acceptance of such cards across all existing card acceptance infrastructure that are already Europay, MasterCard and Visa (EMV) compliant based on the existing instructions, this relaxation has been made applicable to only card present transactions using contactless cards (NFC-based) adhering to EMV standards. This will also ensure the usability of such contactless cards as regular chip card with PIN authentication, if the customer so desires.
Bank will examine the possibility of other types of contactless payment solutions using other form factors like mobile and issue instructions, if required.
It may be recalled that the Bank had placed in its website the draft circular on “Relaxation in requirement of Additional Factor of Authentication for small value card present transactions” on March 13, 2015 for public comments till April 04, 2015. This relaxation was considered taking into account the requests received from various segments indicating the need to foster innovative payment products as also enhance the convenience factor in certain types of card uses.
Assistant General Manager
Press Release : 2014-2015/2407
May 14, 2015
The Chairman and Managing Director / Chief Executive Officer
All Scheduled Commercial Banks including RRBs /
Urban Co-operative Banks / State Co-operative Banks /
District Central Co-operative Banks/Authorised Card Payment Networks
Madam / Sir
Card Payments – Relaxation in requirement of Additional Factor of Authentication for small value card present transactions
Reserve Bank has issued various instructions on security of card transactions and risk mitigation measures, including directions on online alerts as well as on additional factor of authentication. These measures have significantly increased customer confidence in using cards.
2. In the recent past, Reserve Bank has received requests for waiver of requirement of the additional factor of authentication (AFA) so as to foster innovative payment products / processes as also enhance the convenience factor in certain types of card transactions. After examining the trade-off between security and convenience in card transactions, Reserve Bank had placed for public comments a draft circular outlining the relaxation in the need for AFA in case of small value card present transactions using Near Field Communication (NFC) contactless technology subject to adherence to EMV standards.
3. The comments received on the draft circular have been examined. Accordingly, it has been decided to relax the extant instructions relating to the need for AFA requirements for small value card present transactions only using contact-less cards. In this regard, it is advised that –
5. Further, in the interest of customer awareness and protection the banks are also advised:
6. It may, however, be noted that the above relaxations shall not apply to:
7. This directive is issued under Section 10(2) read with Section 18 of Payment and Settlement Systems Act 2007 (Act 51 of 2007).
(Nanda S Dave)
Chief General Manager