Home » , , ,

Note To RBI: Need A Level Playing Field In Online Billing In India

Share on Facebook0Tweet about this on TwitterShare on LinkedIn6Email this to someone

If you’ve tried to buy music on the newly launched iTunes India store, you’ll notice that because your credit card information is already with Apple (when you log in), the billing process is very smooth. You click ‘buy’, a credit card transaction is processed, and you get your content, whether it is buying music or applications. It’s the same if you buy an application on the Google Play Store, or, as I found out while promoting the #NAMA Conference in October, advertising online on Facebook in India.

For a buyer, this is an ideal scenario – the business stores your credit card information, and the moment there is a transaction initiated, it bills you without any need to go through a 3D secure page, need your CVV for authentication. One click purchase. For a business, it ensures high conversion rates – the shorter the time between intent to purchase and the completion of the actual purchase, the greater the likelihood that the purchase will be completed.

The problem is that many Indian businesses don’t have the same option: the express checkout functionality, which some Indian businesses are now adopting (Cleartrip was possibly the first;Flipkart had done it too) still takes customers through a “Verified by Visa” or “Mastercard Secure” layer, and on mobile through the one time password process which often doesn’t work (I’ve never been able to use it successfully, because). This has led to many businesses taking the closed wallet route: they encourage customers to use a single transaction to add money to their wallet, and then just debit from the wallet to complete the transaction, but don’t allow customers to withdraw the money as cash. Companies like Infibeam, IRCTC, Paytm, MakeMyTrip, Mobikwik, Flipkart have all launched closed wallets.


I’m not sure of how this works and how they’re working the system – there might be loopholes; perhaps in dealing with the international websites, you’re making an international transaction. Just because they’re displaying rates in an Indian currency and have licensed content for the Indian market, doesn’t mean that the billing is being done in India, even though the seller and the buyer in a marketplace like an app store might both be Indian entities. This could also mean that India might be losing out on tax income from businesses like Google (via Ireland?), Facebook, Apple, among others, and there is some kind of incentive to route billing through International payment gateways.

What I think needs to change is that the regulations need to apply equally to those doing businesses in India and/or with customers in India. Ideally, the second layer of authentication should go.

Share on Facebook0Tweet about this on TwitterShare on LinkedIn6Email this to someone
  • that’s a sharp analysis! great work!

  • I think its an unfair comparison considering the penetration of online payments in India viz a viz Other Developed Countries. Also, what the author asks for is at an individual level. Would a person be ideally ok unless he is guaranteed security to allow his payment to be processed with out any authentication?? I have my doubts.

    •  +1, A onetime digitally signed request should be collected by a vendor ( scanning a signature or making a echo-sign signature doesn’t qualify as digital signature in India ) to allow by-pass of 2 factor authentication by a client. The PAN is already linked to a credit card number in India and so is a Digital Signature class 2 by default. If someone can wake up cca.gov.in and get the ROOT digital signatures to be trusted by the browsers it would be possible to have a much simpler payment systems atleast for PC owners if not mobile owners.

      • Tarun: you want to explain this alternative process as a solution in a guest post for us?

  • Ankur Aggarwal

    dont agree with the last statement… As a consumer, in my view, “Ideally the second layer of authentication should be imposed for all businesses, even international ones who accept indian cards.” 

  • Vishwas Patel

    Nikhil, You are right. The billing for Apple iTunes, Appstore and transactions of other international merchants is being done out of India ( mostly Luxembourg). Therefore bypassing the RBI mandate of compulsory additional authetication factor namely Verfied By Visa, MasterCard Securecode and AmEx Safekey. Also the service tax of 12.36% on the commission fee is also not paid by the International processor as well as the tax on the overall profits of Apple and other MNC’s of sales to Indian consumers is clevely avoided as they are processed out of tax free havens. However, having said that as far improving the current flow is cocerned, we (IAMAI) are talking to RBI that if a customer has saved his card with a RBI approved Indian Processor and his first transaction is validated by VBV / SC or safekey then subsequent transactions need not be validated with the additional authetication factor as well the merchants should get the chargeback protection. RBI is considering it. Lets see. Rgds, Vishwas


  • Few months we were trying understand RBI Guidelines for Mobile payments.. which we were not able to . Micro Payment through mobile could be a boon to online payment system in India,considering mobile and on mobile internet penetration in India.. I don’t know how relevant you find my comment on this post.