Reserve bank of India advised banks to put additional security feature for all debit and credit card transaction which is biometric validation supported by Aadhar card. RBI issued a note dated 26 November 2013 about Security and risk migitation measures for card present transaction. Full note is as under.
A reference is invited to our circular dated September 22, 2011 on security issues and risk mitigation measures related to Card Present (CP) transactions, along with circulars dated February 28, 2013 and June 24, 2013 on security and risk mitigation measures for electronic payment transactions wherein various timelines were indicated for accomplishment of tasks for securing card and electronic payment transactions.
2. It may be recalled that the “ Working Group on Securing Card Present Transactions“ (Chairperson: Gowri Mukherjee) set up by RBI, had recommended the evaluation of UIDAI’s Aadhaar as an effective alternative for additional factor of authentication for domestic transactions subject to fulfilment of certain tasks stated therein. In order to evaluate this recommendation, another Working Group was formed by RBI to assess the feasibility of Aadhaar (biometric validation) as additional factor of authentication for card present transactions.
3. The recommendations of the Working Group have been examined by RBI. After taking into consideration the developments that have taken place in the card payment ecosystem as well as the scalability and effectiveness of Aadhaar over a period of time, the banks are advised as follows:
In respect of cards, not specifically mandated by the Reserve Bank to adopt EMV norms, banks may take a decision whether they should adopt Aadhaar as additional factor of authentication or move to EMV Chip and Pin technology for securing the card present payment infrastructure.
All new card present infrastructure has to be enabled for both EMV chip and PIN and Aadhaar (biometric validation) acceptance.
4. The directive is issued under section 18 of Payment and Settlement Systems Act 2007, (Act 51 of 2007).
5. Please acknowledge the receipt of this circular.