RBI/2012-13/540
DPSS (CO) PD No.2377/02.14.003/2012-13
June 24, 2013
The Chairman and Managing Director / Chief Executive Officers
All Scheduled Commercial Banks including RRBs / Urban Co-operative Banks /
State Co-operative Banks / District Central Co-operative Banks/
Authorised Card Payment Networks
Madam / Dear Sir,
Security and Risk Mitigation Measures for Card Present and Electronic Payment Transactions
A reference is invited to our circular dated September 22, 2011 on security issues and risk mitigation measures related to Card Present (CP) transactions and circular dated February 28, 2013 on security and risk mitigation measures for electronic payment transactions wherein various timelines were indicated for accomplishment of tasks for securing card and electronic payment transactions.
2. In this regard, representations have been received from the stakeholders for extending the timelines indicated in the above circulars. A review of banks’ preparedness for securing card as well electronic transactions indicated that technical glitches like field visits to all the ATM and POS locations, certification delays, re-carding /fall back related issues, non-preparedness of the acquirers leading to rejections, issuers concerns, etc. were hampering the smooth & timely transition to the desired environment for such transactions.
3. With a view to providing uninterrupted services to the customers, it has been decided to grant a onetime extension of time as indicated below:
|
No.
|
Task
|
To be completed by
|
|
i.
|
Acquirers to be ready with the respective tasks stated under circular dated September 22, 2011 and February 28, 2013 respectively
|
September 30, 2013
|
|
ii.
|
Issuers to be ready with the respective tasks/tests stated under circular dated September 22, 2011 and February 28, 2013 respectively
|
November 30, 2013
|
|
iii.
|
a) Fall back option/bypass (without PIN requirement) to be enabled for all cards issued in India
b) Fall back option/bypass (without PIN requirement) to be enabled for all international cards used in India (cards issued abroad) based on the service codes and jurisdiction mandates
|
Till November 30, 2013
Present system to be continued
|
|
iv.
|
All other tasks stipulated vide our circular dated September 22, 2011 and February 28, 2013
|
September 30, 2013
|
4. Every issuer and acquirer will honour the transactions based on the above mandates and liabilities fixed accordingly. It may please be noted that in the event of a customer complaining of misuse of the card after the date stipulated in this circular, the issuer or the acquirer who has not adhered to the time lines should bear the loss.
5. Banks are advised to strictly adhere to the above mandates and ensure compliance. It is emphasized that no further extensions would be granted.
6. The directive is issued under section 18 of Payment and Settlement Systems Act 2007, (Act 51 of 2007).
7. Please acknowledge the receipt of this circular.
Yours faithfully,
(Vijay Chugh)
Chief General Manager
|
