OTP should be made mandatory on credit & debit card transactions on international websites: Consumers
- • Raise issue about services with foreign merchants getting renewed and charged without approval
- • Want MEITY to work with payment gateways to implement 2 factor authentications for international merchant charges on Indian issued credit and debit cards
- • Highlight how with OTP introduction will minimise risk in case of credit card information thefts
24th February 2018, New Delhi, India : Using credit and debit cards with international merchants has fast become common as more and more Indian consumers purchase mobile apps, games, computer software, etc. Consumers in India frequently buy subscriptions at Playstore and Apple store, or software subscriptions like MS Office or Adobe Photoshop trial offers. What many consumers have reported struggling with, are the automatic charges that keep hitting them every month without any pre-charge notification or approval.
Upon further discussions conducted on LocalCircles, consumers have reported that many services, especially from foreign merchants are leading to charges on their cards without any OTP approval. In many cases, what has been reported is that an amount is charged on their credit card followed by a SMS/email from the bank stating the amount that has been charged. Most consumers however want it the other way i.e. they would rather receive a request to approve a charge via SMS/Email OTP and only then be charged by the merchant. To understand the consumer request in quantitative terms, LocalCircles conducted a poll on the subject in which 9,690 consumers participated. 94% consumers voted in favour of making OTP approval mandatory any time a charge is to be made on their credit/debit card. Only 4% voted against it and 2% chose not to share their opinion.
Some of the frequent auto-renewal instances mentioned by consumers were credit/debit cards being auto renewed every year and the renewal charges charged to the card itself, software companies renewing annual subscriptions without permissions and posting a charge on credit/debit cards, value added services renewed by telecom operators every month without the user’s consent, some apps continue to charge subscription charges on the credit card even after user has deleted the app etc.
Consumers have suggested that just like the two-factor authentication works with India based merchants, it should also work for international merchants. This will require payment gateways like Mastercard, Visa, etc. to add OTP/Email authentication service so the consumer receives a request to authenticate before the international merchant charge can be processed.
Consumers also highlighted that a mandatory OTP by SMS or email will also protect Indian bank issued credit cards from theft and hacking. Currently if the information of an Indian bank issued Credit Card is compromised, it can be used on international websites easily. According to consumers, if the OTP is made mandatory for all transactions, then such risk is greatly minimised.
LocalCircles is making the above submission to Department of Consumer Affairs so the same can be taken up for action with MEITY and if required the RBI and Ministry of Finance.
You may also like: