Visa Will Kill OTP For ‘Routine’ Digital Payments; Only Risk-Based Prompt Will Work
Global card network Visa is looking to phase out the two-factor authentication (2FA) process for digital payments in India. It aims to replace it with a risk-based prompt, where transactions deemed unusual or risky by banks would be vetted through an OTP check.
Phasing Out the 2FA Process
According to Visa, to bring India's digital payments system in line with ‘global best practices’, routine card transactions could instead use a ‘risk-based prompt’ system, with the prompt reserved for transactions that banks deem risky.
Joe Cunningham, Head – Risk, Asia Pacific, Visa, says the company believes that using two-factor in a risk-based manner is better and will give customers a seamless experience.
Cunningham said the new system would encourage adoption of digital payments and help the industry’s growth, which is mostly powered by the e-commerce sector. This could give consumers a wonderful experience, as some friction needs to be removed.
What is 2FA & How Does Visa Plan to Remove this Step?
Typically, debit and credit card transactions on these platforms are authenticated through a two-layer security process known as 2FA.
Under two-factor authentication, a customer first enters the debit or credit card number, card expiry date, name and CVV, and then verifies the transaction with an OTP sent by mobile or email to finish. Visa feels this is not necessary for all transactions, as most of them are “routine.”
Hence, the proposed new process is risk-based monitoring of transactions that would eliminate OTPs for routine transactions, i.e., low-risk, low-value transactions from a known IP address, with the risk determined under a data vetting standard called EMV 3D Secure. The company has already implemented this in Singapore and Australia.
The financial services provider plans to hold discussions with Indian regulators and its partner banks on strategies to relax the 2FA norms over time, to bring them in line with global best practices.
Cunningham added that transactions should be allowed to flow more fluidly and that the adoption of digital payments and e-commerce should be encouraged. Only in cases where Visa’s clients (banks) deem a transaction to be a risk would a prompt for an extra authentication factor be required.