RBI issues circular on credit & debit cards
The Reserve Bank of India (RBI) has revised the rules governing debit and credit cards, instituting penalties for banks that issue or upgrade customer cards without prior consent. It has also opened the door for non-banking finance companies (NBFCs) to issue credit cards with the regulator’s prior approval.
The regulator has instructed banks to ensure that overdue interest is not added to the loan principal, resulting in negative amortization. Banks have also been instructed not to capitalize unpaid charges, levies, and taxes to compound interest.
The new guidelines will take effect on July 1, 2022, and will apply to all scheduled banks and NBFCs.
Banks with a net worth of Rs 100 crore or more are permitted to conduct credit card business either independently or in collaboration with other card-issuing banks/NBFCs. After RBI approval, urban cooperative banks (UCBs) with a minimum net worth of Rs 100 crore and a core banking solution in place can issue credit cards.
The credit card issuer must honour any credit card closure request within seven working days, subject to the cardholder’s payment of all outstanding balances. Following the closure of a credit card, the cardholder must be notified immediately via email, SMS, or other means.
Cardholders must be given the option of submitting a request for credit card account closure through a variety of channels, including a helpline, a dedicated email address, Interactive Voice Response (IVR), a prominently visible link on the website, internet banking, a mobile app, or any other mode. Failure by card issuers to complete the closure process within seven working days will result in a penalty of Rs 500 per day of delay payable to the customer until the account is closed.
If a credit card has not been used for more than a year, the process of closing the card must begin after notifying the cardholder. If the cardholder does not respond within 30 days, the card account will be closed by the card issuer, subject to payment of all dues by the cardholder. Within 30 days, the information regarding the closure of a card account must be updated with the Credit Information Company(s).
Unsolicited card/upgrade distribution is strictly prohibited. If an unsolicited card is issued/an existing card is upgraded and activated without the recipient’s explicit consent. The latter is billed for it, and the card issuer must not only reverse the charges immediately but also pay the penalty without demur to the recipient equal to twice the value of the charges reversed.
Card issuers must obtain One Time Password (OTP)-based consent from the cardholder before activating a credit card if the customer has not activated the card within 30 days of its issuance.
Consent for the cards issued or other products/services offered in conjunction with the card must be explicit and not implied. In other words, before issuing a credit card, the applicant must provide written consent.
The interest rates charged to various categories of customers must be made public by card issuers via their websites and other means. Card issuers must disclose to credit cardholders the methodology for calculating finance charges, along with illustrative examples, especially when the customer pays only a portion of the outstanding balance.
The terms and conditions for payment of credit card dues, including the minimum amount due, must be specified to avoid negative amortization.
Card issuers must include a one-page Key Fact Statement with the credit card application that details the critical aspects of the card, such as the rate of interest and the number of charges, among other things. If a credit card application is rejected, the card issuer must provide the specific reason(s) for the rejection in writing.
With the approval of their Boards, Scheduled Commercial Banks (SCBs) other than Regional Rural Banks (RRBs) with a net worth of 100 crores or more are permitted to engage in credit card business either independently or in collaboration with other card-issuing banks/NBFCs. SCBs (excluding Small Finance Banks and Regional Rural Banks) wishing to establish separate subsidiaries to conduct credit card business must obtain prior approval.
What is the RBI mandate on credit cards?
The Reserve Bank of India (RBI) has asked all merchants and payment gateways to remove sensitive customer data from cards saved on their end and instead use encrypted tokens to carry out transactions to make online payments safer and more secure. The new rule will go into effect on January 1, 2022.
Banks have begun informing customers about the changes. “Effective January 1st, 22! Merchants will delete your HDFC Bank card details saved on their website/app by the RBI mandate for enhanced card security. “To pay each time, enter full card details or choose tokenization,” says an SMS sent to HDFC Bank customers last week.
To improve data security, the RBI issued guidelines in March 2020 stating that merchants will not be permitted to save card information on their websites. It issued new guidelines in September 2021, giving businesses until the end of the year to comply with the regulations and providing them with the option to tokenize.
When you use your debit or credit card for a transaction, the transaction is executed based on information such as the 16-digit card number, the card expiry date, the CVV, and the one-time password or transaction PIN.
A transaction is only successful if all of these variables are correctly entered for a specific transaction. Tokenisation is the process of replacing actual card details with a unique alternate code known as the “token.” This token is unique for each card, token requestor, and device combination.
Beginning in January, when you make your first payment to a merchant, you will be required to provide them with your consent via an additional factor of authentication (AFA). After that, you’ll finish the payment by entering your card’s CVV and OTP.
Contrary to some people’s fears, Under the tokenization arrangement, certain sections of the media would not be required to enter card details for every transaction. “The Reserve Bank’s efforts to deepen digital payments in India and make such payments safe and efficient will continue,” the RBI stated in a press release.
Edited by Prakriti Arora