RBI for two stage verification, use of public key infrastructure for safe online payments
Updated: Apr 23, 2014 11:12:14am
Mumbai, Apr 23 (KNN) With a view to stopping frauds in online banking, the Reserve Bank wants the banks to introduce two-stage authentication to ensure security of password. The apex bank has suggested the use of public key infrastructure (PKI) in order to ensure a safe and secure payment system in the country.
The RBI report on 'Enabling Public Key Infrastructure (PKI) in Payment System Applications' said banks should also inform customers about risks associated with different types of online banking transaction.
"Internet banking applications of all banks should mandatorily create authentication environment for password- based two-factor authentication as well as PKI-based system for authentication and transaction verification in online banking transaction," the report said.
The report also said that the customers should be given the option to choose from different methods of authentication for ensuring security of online transactions.
Besides, banks should provide a PKI-based authentication system for online banking transactions as an optional feature for customers.
According to the report, the security of financial transactions — being executed from some remote locations and transmission of financial information over the air — is the toughest challenge that needs to be addressed jointly by mobile application developers, wireless network service providers and the bank.
It also suggested that banks should move towards real time fraud monitoring system at the earliest. Moreover, there is a need for banks to provide easier methods (like SMS) for the customer to block his debit/credit card and get a confirmation to that effect after blocking the same.
There are various PKI-enabled electronic payments systems introduced by RBI such RTGS, NEFT, CBLO, Forex Clearing, Government Securities Clearing, and Cheque Truncation System (CTS).
"The objective of an effective payment system is to ensure a safe, secure, efficient, robust and sound payment system in the country. In order to secure electronic documents and transactions and to ensure legal compliance, digital technology is used," it said.
The report said that the banks may carry out in three phases PKI implementation for authentication and transaction verification.
"The banks have been mandated to issue EMV (card with chip and pin) to certain category of customers and for the other customers, banks have been given option to either issue EMV cards or adopt Aadhaar biometric authentication as additional factor of authentication," the report said. (KNN/SD)
The RBI report on 'Enabling Public Key Infrastructure (PKI) in Payment System Applications' said banks should also inform customers about risks associated with different types of online banking transaction.
"Internet banking applications of all banks should mandatorily create authentication environment for password- based two-factor authentication as well as PKI-based system for authentication and transaction verification in online banking transaction," the report said.
The report also said that the customers should be given the option to choose from different methods of authentication for ensuring security of online transactions.
Besides, banks should provide a PKI-based authentication system for online banking transactions as an optional feature for customers.
According to the report, the security of financial transactions — being executed from some remote locations and transmission of financial information over the air — is the toughest challenge that needs to be addressed jointly by mobile application developers, wireless network service providers and the bank.
It also suggested that banks should move towards real time fraud monitoring system at the earliest. Moreover, there is a need for banks to provide easier methods (like SMS) for the customer to block his debit/credit card and get a confirmation to that effect after blocking the same.
There are various PKI-enabled electronic payments systems introduced by RBI such RTGS, NEFT, CBLO, Forex Clearing, Government Securities Clearing, and Cheque Truncation System (CTS).
"The objective of an effective payment system is to ensure a safe, secure, efficient, robust and sound payment system in the country. In order to secure electronic documents and transactions and to ensure legal compliance, digital technology is used," it said.
The report said that the banks may carry out in three phases PKI implementation for authentication and transaction verification.
"The banks have been mandated to issue EMV (card with chip and pin) to certain category of customers and for the other customers, banks have been given option to either issue EMV cards or adopt Aadhaar biometric authentication as additional factor of authentication," the report said. (KNN/SD)
Loading...
