In an attempt to combat the increasing credit card frauds and misuses, the Reserve Bank of India, has issued a directive to credit and debit card issuing banks with an aim to provide additional security measures for card transactions.

The directive ‘Credit/Debit Card transactions-Security Issues and Risk mitigation measures' was issued by RBI on February 18, under Section 18 of Payment and Settlement Systems Act 2007.

Presently there are three important security parameters on a card - the card number, the expiry date and card security code known as Card Verification Value (CVV), all of which are on the card. As per the directive, in addition to existing security parameters, the cardholders must have some additional validation/authentication information or security code other than information visible on the card.

The directive also mandates banks to put in place a system for online alerts. This system would send alerts for ‘card not present' transactions exceeding Rs 5,000. The directive also cautions the banks of the penalties under the Payment and Settlement Systems Act 2007 (Act 51 of 2007) in case of non-adherence.

In wake of the increased fraudulent transactions, which put the customer trust at stake many private players have been working to fortify their security systems. Banking majors ICICI, HDFC and Kotak Mahindra have been offering more secure Virtual Cards. A Virtual Card (also called controlled payment numbers) generates a new code each time it is used. It is different from CVV. In case of a virtual card, a customer has to enter a new code on the merchant's website and CVV numbers remains undisclosed.

Similarly, Netsafe is an online secure payment solution offered by HDFC Bank. Sanjeev Patel, EVP and head, direct banking channels, HDFC Bank, said, "It is a limited period validity number."

Similarly, Securecode by MasterCard and Visa's Verified by Visa are personalised passwords solutions. T.V. Seshadri, vice-president and country general manager, South Asia, MasterCard, said "Much like the authentication process required for payment card use at ATMs, SecureCode requires cardholders to enter their personal code in an online window on their PC before a transaction can be processed. Even if someone knows their credit or debit card number, the purchase cannot be completed without their SecureCode at a participating merchant."

Most banks have additional security measures, like virtual passwords. The precondition for these to work is a prompt on merchant sites to enter the code, as Seshadri said, "The card-issuing bank, the retailer and the retailer's acquiring bank will all have to participate. Even if one of these entities does not participate, the cardholder is not prompted to enter the SecureCode."