RBI asks banks to add extra security layer for phone banking

New Delhi, Dec 26, (PTI):,

Dec 26 2010, 11:04 ist
updated: Dec 26 2010, 11:04 ist

As per the RBI guideline, all the banks will mandatorily decline any telephonic banking transactions, including the automated IVR (Interactive Voice Response) services, where the customers do not have a One-Time Password (OTP) for such services with effect from January 1, 2011.

However, the OTP will be valid for a single use and would remain in effect for a period of 2 hours. The customers would need to generate a separate OTP for each IVR transaction.

The new step has been taken as a safeguard against credit card frauds. There has been an uptick in credit card frauds where lost or stolen cards can be used by anyone.

For transactions where cards are needed to be presented physically, the RBI has already made it mandatory for an identity verification and the signature also needs to be matched with that on the card. But phone and internet banking have been matter of grey areas in terms of their misuse.

The added security layer for phone banking follows a similar step taken by the banks for internet banking transactions. Earlier this year, RBI had made it mandatory for banks to provide their customers an additional security layer for all the credit card transactions conducted over internet.

Banks like Citibank and HDFC Bank have already communicated to their customers to get the OTP for their phone banking transactions, while others are in the process of doing so. According to banking sector experts, those customers who do not get an OTP before January 1, will be prompted to get one whenever they initiate a phone banking transaction.

"Starting 1st January, 2011 these (IVR) transactions need to be authenticated with an additional password. This is mandatory as per the RBI guideline," HDFC Bank said in a circular to its credit card customers.

The password will be sent only to the registered mobile number and email address of the customer.

After the new security layer, the customers would need at least five numbers to conduct a credit card transaction over phone, including the 16-digit card number, card expiry date, CVV (Card Verification Value, which is printed on the back of the card) number, mobile number, and the OTP.