RBI: Companies Using a Foreign Gateway Must Still Use 2FA for CNP Transactions

Last week, the Reserve Bank of India (RBI) mandated that companies that accept card-not-present transactions in India using a foreign gateway must abide by regulations that require two-factor authentication.

According to the new site Card Not Present, the Indian central bank decided to take action after the launch of the taxi app and service Uber launched in India. In India, passwords are required for payment in card-not-present (CNP) transactions. However, Uber charges customer cards automatically after a driver drops a customer off at his or her destination and new further verification of the customer’s identity is required.

Since Uber was using a foreign gateway and funds were leaving the country, the taxi service insisted that it was not subject to India’s two-factor rule. The RBI is now insisting that it is.


Related reading