Extra security measure in payment gateway may curb e-commerce growth

There are reportedly close to 50 million credit card holders and 300 million debit card holders in India and every month, banks have been receiving at least 2000 complaints relating to purchases made using stolen or lost credit and debit cards.

To prevent such fraudulent transactions, which are mostly perpetuated by impersonation through stolen, lost and hacked cards, the Reserve Bank of India (RBI) has suggested a number of steps to be implemented by banks, including requiring cardholders to register their cards under the "Verified by Visa" or "Master Card 3D-Secure" program before August 1, 2009 to enable cardholders to continue using their cards for future online transactions.

This is in addition to other information already required by the cardholder to submit like name, card number, expiry date and CVV (card verification value) number.

According to e-commerce players, the additional security measure i.e. the mandatory requirement for cardholders to register their cards under the "Verified by Visa" or "Master Card 3D-Secure" program before August 1, 2009 so that they can be issued personal identification number (PIN)/password to enable them to continue using their cards for future online transactions, may trigger a decline in daily online business by at least 25-30 percent.

Currently, any online purchase requires the cardholder to type in their card details including the three- or four-digit card verification value (CVV) number that appears on the back of a credit card.

The RBI directive will now introduce a new screen to the processing steps where the cardholder will have to type in the PIN/password that will be generated while registering under the "Verified by Visa" or "Master Card 3D-Secure" program. This additional step, claim industry pundits, will make the online transaction more cumbersome in a country where low bandwidth has already made e-commerce a time-consuming and tedious process.

Though the move will boost consumer confidence in the long term, it may cause a dip in transactions in the short term, because many online customers may be put off by the additional security measure.

According to Anupam Mittal, chairman and managing director of People Group, because of the additional security measures, e-commerce players stand to lose revenue to the tune of around Rs.2500 crore. "As a result, the exchequer may stand to lose up to Rs.300 crore in service tax," he added.

P.K. Thomas, COO of Cleartrip.com, one of the largest online sites for booking air-tickets, said, "Our inhouse survey results show that customers simply switch off if the credit card transaction takes too much time, or is a bit risky. All banks have not made customers aware of the issue and this might lead to a loss in business for the industry."

"On Cleartrip.com, when users were redirected for 3-D secure authentication, we noticed a 25 to 35 percent drop in payment completion rates," he added.

The Internet and Mobile Association of India (IMAI) has also criticized RBI's directive, saying that it should have been non-statutory in nature. "India does not even feature in the top 10 online fraud perpetrating countries, which account for 95 percent of online fraud reported worldwide. Online card fraud is mostly originating from international cards and not Indian cards," an IMAI statement said, pointing out that online fraud is just 0.16 percent of the e-commerce industry in India. According to the Internet Crime Complaint Center (IC3), the US and UK are the largest online fraud-perpetrators.

However, bankers have hailed RBI's move to make the additional authentication mandatory for cardholders for online purchases.

"This will definitely help in preventing many cash frauds while using credit or debit cards for online purchases. Enhancing the security level is much needed in the face of rising usage of cards for online transactions," Sushil Muhnot, executive director, IDBI Bank, said.

According to a RBI official, the value of credit card transactions increased from Rs.41,361 crore in 2006-07 to Rs.57,958 crore in 2007-08, representing a surge of over 40 percent.

During the same period, the debit card transactions surged by over 50 percent to Rs.12,521 crore from Rs.8172 crore.