Home » , , , ,

Netflix is violating RBI’s two-factor authentication and forex rules for payments

Share on Facebook0Tweet about this on TwitterShare on LinkedIn17Email this to someone
netflix (1)

My bank called me when I tried to sign up for Netflix. I use a HDFC Bank debit card and had not set limits on for international payments. Netflix did mention that payments will be processed internationally and that foreign transaction fees apply.

netflix 2FA 2

I entered my card details, which included my card number and CVV code, a few minutes after my bank set my limits. However, Netflix seems to be violating the Reserve Bank of India’s guidelines for card not present transactions which mandates that there should be two-factor authentication for card payments online and that settlement of transactions should be made by an Indian bank.

I did not receive an one-time password on my phone and Netflix redirected me to this page which said that the payment was successful.

Netflix 2FA 1

I also received a message on my phone that the payment was processed by Netflix in Amsterdam. Curiously, HDFC Bank’s representative who called me said that the payment to Netflix is being routed to a merchant in Singapore.

netflix 2fa 3

Users on Twitter had also spotted that Netflix was bypassing two-factor authentication.

Previously, the RBI had mandated that entities that route online billing internationally, for goods and services purchased online using Indian cards, need to include a second factor of authentication, and route transactions through a bank in India.

Uber’s problems with two-factor authentication

Readers will remember that cab hailing service Uber had run into similar problems in 2014 and had to comply with RBI’s guidelines on card-not-present transactions and to tie up with mobile wallet Paytm to facilitate transactions in India. Uber has since resumed payments via cards in July 2015 and tied up with Delhi-based Zaakpay, a digital payments gateway, to enter a CVV  and a one-time password received on their mobile phone to pay for the cab ride.

MediaNama’s take

We’ve pointed out earlier that there is a lot of confusion on the nature of RBI’s two-factor authentication and foreign exchange rules. It is unclear whether these rules impact purchases only made in India, or they impact all purchases made using Indian cards in India (in which case, all transactions using Indian cards will have to be in INR). Many users have pointed out that purchases made on Amazon.com, gaming marketplace Steam and other international websites do not go through two-factor authentication and it remains to be seen how the RBI will handle this situation. Netflix should have done its homework on this front and taken lessons from Uber on how to enter the Indian market.

Image by Matt Perreault, used under CC-BY-SA.

Share on Facebook0Tweet about this on TwitterShare on LinkedIn17Email this to someone
  • I don’t think 2-factor is applicable for digital services being bought via payment gateways outside India. That said, not all banks support it. In case of HDFC you need to login and enable international purchase option before making these transactions. Uber is a service offered physically in India which is why RBI forced it to use 2 factor.

    None of the SAAS services available internationally are using 2 factor either and you can use your debit card in some scenarios.

  • Sickularist

    I think the reporter should also write on science and technology related topics as well.. he has a real grip of the issues he writes about..

  • Sanket Kambli

    those on apple iTunes are already aware of it. Maybe those who pay on android play store too (not sure) ..
    RBI can’t regulate the world ..

  • sketharaman

    Now MediaNama has pivoted from digital business publication to a banking compliance publication or what? You go ahead and insist on 2FA and suffer failed payments that comes with it. I’ll give my business to companies that know how to comply with regulation and still deliver superior CX to me.