Foreign credit card acceptance. (domestic flights)

Payment Security Exp

RBI never sponsored or stated specific systems such as Verified by Visa or Mastercard UCAF/SPA in its directive.

Before, the entire banking industry in India goes on this bandwagon, it is best to simply learn about the experience of cardholders and online merchants as it concerns these two systems. Just google ” verified by visa 2009 ” or go to this link : http://www.boingboing.net/2009/03/28...-visa-bri.html.

VBV or UCAF/SPA static passwords can be easily phished. Once phished and used by fraudsters, it then makes it very difficult (not impossible) for the legitimate cardholder to dispute a fraudulent online payment made with his VBV or UCAF/SPA credentials.

On the other hand, fraudsters can easily collaborate and share each other’s VBV or UCAF/SPA credentials and then dispute the charges with the issuing banks. The issuing Banks can never prove that the cardholder’s static VBV or UCAF/SPA’s credentials were not phished or compromised.

It surprises me that India, the world’s technical resource, would copy the errors made by the Banks elsewhere in the world that tried introducing VBV or UCAF/SPA. It is relatively simple for anyone to do a google search on Verified by VISA and realize that it has not been successful in other parts of the world. At least banks in other parts of the world and online merchants were not mandated to implement these systems. Be wary of mandated systems. A good security system never needs to be mandated.

gaurav1441

RBI guidelines just ask for an extra authentication layer which most banks have made to seem as VBV or Master Secure as it passes on liability to customer.

HSBC Card holders would have to use a key instead of VBV or Master Secure. Key seems to be more secure but do not wish to have a key for every credit/debit card.

indracal

Being an HSBC India card holder myself, I can tell you that HSBC provides a device (RSA key generator I think), which is needed to logon to your HSBC Credit Card/Bank account along with the regular password and Internet Banking ID. It will also be needed when you try to do a transaction from their NetBanking portal, e.g. trying to transfer money to some other account

But, when you try to transact on an online portal (say to buy an airline ticket), you don't need that device. You just need to remember your VBV/MSC password and provide the CVV, card nos and related details.

And - under one NetBanking ID, you can choose to add more than one card.

__________________
Did you wear the other person's shoe today?

miki64

To make online shopping safer, the RBI has made it mandatory for all online transactions to have an extra level of authentication from August 1, 2009 onwards. The 'extra' level of security is a password that you will have to enter after submitting your credit/debit card details when making online payments. You will require this password for transacting on www.flykingfisher.com and other websites in India

Can you help me. what's mean this? I could'nt use my credit card online if it isn't registered in one of the bank that are in their site?
thid id only for online transections?

nycank

Not True: I just tried a transaction with an indian company, that just did that - Ask me for a password. Called their toll-free number. I guess the call-centers as usual are polite, but useless and clueless.

__________________
bade bhaisaheb is outsourced

pibikay

I do not know the nature and extant of the new guidelines issued by RBI
Whenever i use my mastecard for online delas I amreferredto Mater Secure site where I enter the i.PIN.
But there is another curious feature I used my card at a Merchant Establishment fors over Rs5000/- I had a message on my mobile and also a e.mail informing me about the transaction and to contact them if the transaction was not genuine.My son from th eUS was horrified and said that it amounts to invasion of privacy and taht in the US the bank can be sued for such an action.
What is the correct position

indracal

That shows why US finance system failed like a pack of cards !!

But jokes apart, I would have taken this as a fantastic security mechanism.

In case you are buying the product/service, you know that the transaction passed. This can be handy in case the transaction is approved but somehow the merchant device could not print it out (happened with me once ) - in such case, they would like to get your card swiped again which is a double charge. If you get an SMS (you may not have mail access right at that time), you would not allow them to do the 2nd swipe, would you?

And in case of fraudulent transaction, you would stop the bank immediately and block the card, saving a lot of financial hassle and mental agony

And lastly, I don't understand why it would be a breach of privacy! It's your card, it's your mobile and it's your mail ID which are involved in this security process, and the system is automated, so no human would know what transaction you are making at what time

Precisely what you're supposed to do!

MasterCard SecureCode (MSC) and Verified by VISA (VBV) are 2 security processes launched by the respective cos. While registration, it allows you to add a string (apha, number and space, no other char) and the password. After that, when you buy something from a portal which supports these programs (All Indian portals will have to support this now vide the RBI regulation), it shows the bank logo, the text (so that you understand it's your card issuer by whom the charge is getting processed) and the password is to be entered by you. Apparently, this is for providing you better security during online purchase, but if you google, you'll see a lot of anguish about these.

nycank

I have my CC do this for all preset amounts. My CC companies know what limit on which they have to act. An Indian services company, due to a glitch double charged my account; Amex automatically rejected the second

fdcosta

I have successfully used a foreign Amex card on the Indian Airlines website without any problems. The trick, as explained to me by their very helpful helpdesk is to use the card during Indian office hours, as the foreign credit card portal is not open 24hours. You need to try between 9 am and 5 pm Indian Standard Time, or something like that.

Cheers

sarah_wales

I tried to book the following Jet Airways flights on their website:
Udaipur to Goa via Mumbai and
Goa to Mumbai.

However the payment declined (Tried UK issued Egg Visa and UK issued HSBC Mastercard).

Thanks to the suggestion of Banksie and Steven_Ber I have now booked them through http://www.expedia.co.in
Worked perfectly, booked them on my Mastercard.

The total cost was cheaper too, was £312 on the Jet Airways site and Rs.18,824.00 on Expedia (approx £245).