A new Notification from the Reserve Bank of India (RBI) says that banks no longer need to have an additional layer of Authentication for transactions under Rs. 2,000. no need to use an OTP to transact with a credit or debit card, as long as the amount is less than Rs. 2,000. No more Paytm for Uber and faster payment from Amazon, isn’t it? it not? Well, if you read the notification, it’s not about that at all.

In the notification, the RBI states that customer consent must be taken when making this solution available, which means that you, the customer, can choose whether to stick to the OTP for each transaction, a rule that was introduced in 2014.

“This waiver is a big step in the right direction to make it easier and easier to use cards instead of cash and will strengthen the foundations for India to become a leading digital economy,” said Amit Jain, Chairman of Uber India.

Rival Ola said, “We welcome the Reserve Bank of India’s timely decision to remove two-factor authentication for low-value, card-less transactions. This will certainly encourage more users to switch to debit and credit cards for online transactions. Payments.” Snapdeal CEO Kunal Bahl tweeted that removing two-factor authentication for low-value transactions will boost e-commerce.

What does the RBI say?
In the notification, the RBI describes a system where you can move from existing authentication systems to one where card networks are responsible for the security of your data. Here is the actual text of the notification (emphasis ours):

The Reserve Bank has received requests from some segments of the industry to review the AFA’s requirement for low-value card-absent (CNP) online transactions. As most of the requests were for merchant-specific relaxations on AFA requirements, they were not appropriate at the system level. An alternative solution, proposed by authorized card networks should meet the objective of customer convenience with sufficient security for low value transactions. In this model, the the card-issuing banks will offer the respective card networks’ “payment authentication solutions” to their customers on an optional basis. Customers opting for this facility will go through a one-time registration process requiring entry of card details etc. and AFA by the issuing bank. Subsequently, registered customers will not be required to re-enter card details for each transaction at merchants who offer this solution and thus save time and effort. In this model, the card details already recorded would be the first factor while the credentials used to connect to the solution (as confirmed by the card network providing the solution) would be the additional authentication factor.

In order to use Relaxed Authentication (for transactions below Rs. 2,000), you will first need to register with your card network, create a username and password, and then save all your details. map. To make a payment, you will be able to use these credentials instead of having to enter all your card details, but each individual transaction still needs to be verified with your password.

The RBI is not ready, it seems, to allow you to register your card details with Ola, Uber or Amazon and then use it without further hassle. Instead, it simply replaces an OTP with another password. Your bank may choose to offer to allow MasterCard or Visa to offer a secure connection – so you choose to pay and then you are taken to a web page where you will need to log in with your username and password to complete the transaction. This kind of system is already present in other parts of the world, under the aegis of MasterPass, and Visa Checkout.

Recurring transactions won’t get any easier
Want to pay for your Ola ticket quickly and hassle-free? Fill your Ola money and the rest of the process is frictionless. Thinking of buying a few HDMI cables from Amazon? Use Amazon Pay for faster payment. If you thought you could use this new feature to speed up your card transactions, we have bad news for you.

If you regularly transact on apps like Ola, Swiggy, Amazon, etc., you’ve probably already registered your credit or debit card. In such a scenario, when paying, you select your card, enter the CVV/CVC, and then you are redirected to the authentication page. This can be done via an OTP or your ATM PIN as it is now, or the new password we talked about above.

In short, if your card is already registered, this notification won’t affect you at all and just leaves you with another password to remember – and we all know how bad people are when it comes to working with it passwords. If you are looking for a way to simplify your recurring transactions, the RBI notification does not bring you any relief – the new authentication system will not be faster or more convenient.

Is there a benefit?
If you shop on several different sites, using this system will be useful because you will not have to enter your card details in each store you visit. It’s no small use case – this new system will make it easier to use a number of different sites, without having to share your card details in so many places.

Also, many people feel insecure about registering their card details on sites they are unfamiliar with. You may not trust the security measures the sites take to protect your card details and therefore do not want to save your card details. In such a scenario, being able to transact quickly just by entering a username and password is an attractive prospect.

This of course assumes that your bills will remain under Rs. 2,000 – and note that this is the upper limit of what is allowed, banks may set lower transaction limits for customers as per the notification – but for many of us, that shouldn’t be a problem. If you switch between a number of apps to take advantage of offers and cashback, this feature will make it easier to use them without saving your information in dozens of hands.

You should probably stick with OTP
If you regularly use a handful of apps, it might not be worth setting up this new form of authentication. Yes, waiting for an OTP to arrive is extremely annoying, but it gives you extra security, and you will have to do this anyway for any large order.

If you’re an early adopter of online services, you may already have your card registered at a few different stores, and you won’t really save time by switching to this new form of authentication. And if you’re security conscious enough not to keep your cards in a folder, do you really want to use a system where a simple username and password is the only layer of security in your hands?

Stick to OTP for all transactions, and it’s much less likely that someone else will be able to use your card, regardless of the value of the transaction.

We’ve discussed everything you need to know about RBI’s new payment metrics on Orbital, our weekly technology podcast. You can either subscribe through iTunes or RSS or just hit the play button below.