This password will automatically get generated the first time you carry out an online transaction requiring your credit card from August. You'll need to know the basic details such as DOB, Credit Card Pin, CVV etc. It's a nice security step.
RBI never sponsored or stated specific systems such as Verified by Visa or Mastercard UCAF/SPA in its directive. Before, the entire banking industry in India goes on this bandwagon, it is best to simply learn about the experience of cardholders and online merchants as it concerns these two systems. Just google †verified by visa 2009 †or go to this link : http://www.boingboing.net/2009/03/28/verified-by-visa-bri.html. VBV or UCAF/SPA static passwords can be easily phished. Once phished and used by fraudsters, it then makes it very difficult (not impossible) for the legitimate cardholder to dispute a fraudulent online payment made with his VBV or UCAF/SPA credentials. On the other hand, fraudsters can easily collaborate and share each other’s VBV or UCAF/SPA credentials and then dispute the charges with the issuing banks. The issuing Banks can never prove that the cardholder’s static VBV or UCAF/SPA’s credentials were not phished or compromised. It surprises me that India, the world’s technical resource, would copy the errors made by the Banks elsewhere in the world that tried introducing VBV or UCAF/SPA. It is relatively simple for anyone to do a google search on Verified by VISA and realize that it has not been successful in other parts of the world. At least banks in other parts of the world and online merchants were not mandated to implement these systems. Be wary of mandated systems. A good security system never needs to be mandated.
^^^ I feel it is a good move as having a second line of protection is always better than not having it at all! Regards, RightMan
i believe forcing to use secure code cause a large inconvenience as most people tend to forget passwrds a lot. of course it give good degree of protection!
Wait till you enter your VBV or UCAF/SPA credentials into a stub you think is legitimate only to unknowingly give your credentials to a fraudster. Then, let us know how protected you are in disputing fraudulent online payments made with your VBV or UCAF/SPA credentials. This MANDATE reminds me of products that are rejected in the west only for other parts of the world, such as INDIA to fully MANDATE the use and take-up.
What about auto-debit functions? All my YSM, Paypal, MSN, Facebook transactions are declined. Sucks. I have no idea what to do now.
If you are paying with your credit card outside india, you are screwed and most transactions will be declined. Please understand that international merchant establishments cant redirect to your indian bank for secure password and if not done the transaction will not go through. This is bad move by RBI to discourage indian credit card users doing foreign currency transactions.
Fuch the indian administrators. All my payments to adwords have been declined. I am no longer being able to pay godaddy for renewing my domain names! What should we do now? Buy virtual credit cards from foreign banks?