logo-rbiThe e-commerce industry in India needs to brace for the coming of a lull in transactions, which owes its origin to a notification from the Reserve Bank of India.

According to the notification, it order to enhance the security of online card transactions, it will become mandatory from August 1st 2009 onwards, to provide:

1. A system of providing for additional authentication/validation based on information not visible on the cards for all on-line card not present transactions except IVR transactions.
2. A system of “Online Alerts” to the cardholder for all “card not present” transactions of the value of Rs. 5,000/ and above.

Implications

Travel Portal Cleartrip recently set up a page to help its users register at various bank sites for Verified by Visa and Mastercard Secure verification norms which banks in India are adopting in order to comply with point 1 mentioned above. Hrush Bhatt, co-founder, Cleartrip, told MediaNama that for completing transactions, merchants will have to re-direct consumers to bank sites, which will require the additional password for verification of payment. For methods that involve redirection, payment failures are around 10 times more.

Bhatt said that though the RBI circular is correct in spirit, but the manner in which this is being implemented, is going to cause disruption for customers and merchants. Cleartrip is gearing up for at least a 2-3 week disruption, “when people won’t know what this stuff is. Hopefully, after that people will enroll.” ICICI Bank is planning to mandate usage of these additional passwords on July 20th, while the rest are expected to switch between July 20th and August 1st, except American Express. “AmEx already has billing address verification in their API,” he said.

Bhatt added that this also puts Indian online companies at a disadvantage to international ones, because “International companies do not have this extra hoop to jump through. Any (Indian) company that wants to serve an international audience is also at a disadvantage.” This is because international customers will not be able to use sites from Indian merchants unless they have the additional password.

Alternatives & Why Banks Went For Additional Passwords

“Last date we heard, less than 8% of the world is enrolled in any of these programs,” Bhatt said, referring to Verified by Visa and Mastercard Secure. “In the US, merchants are provided with a variety of fraud control measures like billing address verification, date of birth verification; obviously, the banks have this information.” Bhatt said that the biggest processors of transactions online – Amazon and iTunes – do not support the additional password.

“There could be other ways, but the banks have chosen to go with the method that involved the least amount of work for them. The existing gateways and the APIs don’t process these fields right now, so they will have to reverse integrate with wherever that information sits in their system to ensure that that an additional field is provided to the gateways.”

Impact On WAP?

Bhatt wonders how this will work on WAP, because with this additional layer of security involves a redirection to the bank sites: Do mobile browsers support those redirects?

Does It Really Reduce The Risk Of Fraud?

This norm doesn’t stop people using Indian credit cards from purchasing at International websites – so it doesn’t really reduce the risk of fraud. The extra layer of verification is only for Indian merchants, and stolen cards can be used to purchase internationally.

Our Take: Instead of making things easier for those looking to transact online, things have only become tougher. I initially learned about this new requirement because I was unable to book a flight ticket via an airlines website last month, and eventually went back to Cleartrip to book. This looks like a disaster-in-waiting for the e-commerce and e-ticketing business in India.

Banks haven’t done anything so far to inform customers about having to register for Mastercard Secure or Verified by Visa, and it’s up to merchants to inform customers. Ticketing, clearly the most popular of e-commerce services, will be impacted most. Looks like cash-cards, as a mode of payment, will benefit most from this; at least on IRCTC, their success rate is substantially higher than those of credit cards. Maybe, with a decline in credit card transactions online, banks will start informing customers. Unless that happens, the merchants will struggle.