Comments on: Safer Online Transactions in India http://www.pankajbatra.com/india/safer-credit-debit-card-online-transaction-india-rbi/?utm_source=rss&utm_medium=rss&utm_campaign=safer-credit-debit-card-online-transaction-india-rbi Information >> Knowledge >> Wisdom Thu, 29 Jul 2010 19:25:24 +0000 hourly 1 http://wordpress.org/?v=3.0 By: Hoor Banu http://www.pankajbatra.com/india/safer-credit-debit-card-online-transaction-india-rbi/comment-page-1/#comment-3805 Hoor Banu Tue, 27 Apr 2010 05:05:23 +0000 http://www.pankajbatra.com/?p=320#comment-3805 Hi... Could you please talk about the current scenario of ecommerce in India. I would like to know more about it as i am doing a project on online marketing Hi… Could you please talk about the current scenario of ecommerce in India. I would like to know more about it as i am doing a project on online marketing

]]> By: Payment Security Expert http://www.pankajbatra.com/india/safer-credit-debit-card-online-transaction-india-rbi/comment-page-1/#comment-1465 Payment Security Expert Wed, 22 Jul 2009 08:31:50 +0000 http://www.pankajbatra.com/?p=320#comment-1465 RBI never sponsored or stated specific systems such as Verified by Visa or Mastercard UCAF/SPA in its directive. Before, the entire banking industry in India goes on this bandwagon, it is best to simply learn about the experience of cardholders and online merchants as it concerns these two systems. Just google ” verified by visa 2009 ” or go to this link : http://www.boingboing.net/2009/03/28/verified-by-visa-bri.html. VBV or UCAF/SPA static passwords can be easily phished. Once phished and used by fraudsters, it then makes it very difficult (not impossible) for the legitimate cardholder to dispute a fraudulent online payment made with his VBV or UCAF/SPA credentials. On the other hand, fraudsters can easily collaborate and share each other’s VBV or UCAF/SPA credentials and then dispute the charges with the issuing banks. The issuing Banks can never prove that the cardholder’s static VBV or UCAF/SPA’s credentials were not phished or compromised. It surprises me that India, the world’s technical resource, would copy the errors made by Banks elsewhere in the world that tried introducing VBV or UCAF/SPA. It is relatively simple for anyone to do a google search on Verified by VISA and realize that it has not been successful in other parts of the world. At least banks in other parts of the world and online merchants were not mandated to implement these systems. Be wary of mandated systems. A good security system never needs to be mandated. RBI never sponsored or stated specific systems such as Verified by Visa or Mastercard UCAF/SPA in its directive.

Before, the entire banking industry in India goes on this bandwagon, it is best to simply learn about the experience of cardholders and online merchants as it concerns these two systems. Just google ” verified by visa 2009 ” or go to this link : http://www.boingboing.net/2009/03/28/verified-by-visa-bri.html.

VBV or UCAF/SPA static passwords can be easily phished. Once phished and used by fraudsters, it then makes it very difficult (not impossible) for the legitimate cardholder to dispute a fraudulent online payment made with his VBV or UCAF/SPA credentials.

On the other hand, fraudsters can easily collaborate and share each other’s VBV or UCAF/SPA credentials and then dispute the charges with the issuing banks. The issuing Banks can never prove that the cardholder’s static VBV or UCAF/SPA’s credentials were not phished or compromised.

It surprises me that India, the world’s technical resource, would copy the errors made by Banks elsewhere in the world that tried introducing VBV or UCAF/SPA. It is relatively simple for anyone to do a google search on Verified by VISA and realize that it has not been successful in other parts of the world. At least banks in other parts of the world and online merchants were not mandated to implement these systems.

Be wary of mandated systems. A good security system never needs to be mandated.

]]>