One RBI Decision That Handicapped India
Update: Good News! RBI has waived 2FA for transactions under Rs 2000 on December 6th 2016.
It was 2009, the e-commerce industry in India was at the cusp of a hockey stick growth curve, transactions were going smoothly until one day, the Reserve Bank of India decided to enforce 2 Factor Authentication to all credit/debit card transactions online.
It was a Disaster
The RBI, Indian banks and other ignorants seem to laud this decision of the RBI, most sycophants of the RBI (read Banks) lauded this decision simply because they didn’t have to pay out of their pocket for fraud transactions, without 2FA, the banks would have to bear this cost.
Without 2FA (Customer Wins)
- Fraud Transaction Happens
- Customer Calls Bank
- Bank Has to Refund the Charge in accordance with regulations
- Bank Loses, Customer is Safe.
With 2 FA (Bank Wins)
- Fraud Transaction Unlikely to Happen because of 2FA
- If Fraud Transaction Happens (Example Here)
- Customer Calls Bank
- Bank Says Customer is Responsible for Transaction because of 2FA
- Customer Loses, Bank Wins
Life Without 2FA
If there was no 2 FA in India, this would be your life
- Buy Apps from Google Play Store or Apple App Store seamlessly
- Uber charges your DC/CC directly without need for the Paytm nonsense
- Amazon/Flipkart would enable features like 1 Click Checkout where you could click buy and the transaction would immediately go through
- You can use Google Apps for your business at a lower cost without resorting to retailers
- You can pay for subscription services online like Big Flix or Netflix, Saavn or Spotify or Apple Music
- Make in-App purchases
Life With 2FA
- Your Card is Declined for payments at Google Play store or Apple App Store *
- You need to pay Uber by CC/DC/Paytm/Airtel Money manually after each trip. Paytm is not convenient, it is just a broker.
- You need to pay in Cash for Amazon features like ‘Subscribe & Save’ (In US, it’s card payment)
- You can’t use your CC/DC to buy books directly from your Kindle
- Your Card is Declined for payments at Google Apps*
- Your Card is Declined for payments at Spotify, Apple Music, Saavn, BigFlix, Netflix etc.
Let me give you a simple example, in the US, everyone uses only 2 modes of payment in society for more than 90% of the transactions.
- Credit/Debit Card
- Credit Card
- Debit Card
- Internet Banking
The list will go on forever.
In US, everyone knows how to buy online, it is a simple process.
- Enter Your Card Details
- Click Buy
- Choose Mode of Payment
- Enter Details like ID/Pass or Card Details
- Wait for OTP and Enter OTP
- Click Buy
Let’s ask ourselves a simple question, does RBI think US is stupid?
It was Americans that invented the credit card and they probably know how to counter fraud with Credit Cards, so we could adopt the same approach that they do, i.e no 2FA.
If we think of ourselves as smarter than Americans, that is a good thing, but being smart can’t we understand that convenience trumps security every time?
If India wants to use 2FA, why not create our own mode of payment and use that? Why use some thing called a credit card invented by Americans.
My mom feels it is too hard to pay online, she is a well educated corporate woman and she feels it is too hard. If she were in US, there would be no 2FA and her Uber rides and online shopping would be a breeze.
How many millions of such people exist who have credit and debit cards but can’t use them because it is too difficult to use? They still use services provided by these companies, but using a mode of payment called ‘Cash on Delivery’.
How Is 2FA a Handicap?
Most people think that 2FA is for their own security, in reality, it is just a shift of liability from the bank to the user.
The real reason that 2FA is a disaster is that people are using cash as an alternative to online payments, this means that Indian online purchases have dramatically increased but the payments are still stuck in the age of CASH!!!!.
Cash has a Lot of Disadvantages
- It is unaccountable aka BLACK
- Costs the government more to have physical money in existence than for electronic money
- If you have it in physical form, you can’t transfer it unless you physically meet the person
- Dangerous to Hold in Bulk
- Government doesn’t get a single paisa in tax unless people declare(which many people are tempted not to do)
- We don’t know if the transaction really happens unless it’s reported
The list will go on forever, but you get the picture.
Let’s ask a few simple questions to all the advocates of 2FA,
- Does having more CASH transactions help anyone?
- Does the cash handling charge not match or exceed the amount that is lost in fraud?
- Does India not have Law and Order where we can find and penalize the fraudsters?
- Why do you believe in Prepaid and not Postpaid?
- Who is responsible for all the returns for Cash On Delivery orders? Is that not a loss for companies?
- Is it Smart to ask all the major corporations in the world to change just because we have a illogical policy? Apple Pay, Google Wallet, Paypal, Alipay all work without 2FA. Somehow, all countries except India are doing quite well even without 2FA.
- Can’t we educate our citizens for safer usage practices rather than be the decision makers for them?
- Why do dirty politicians and businessman get things according to their convenience but small startups have to deal with antiquated institutions like the RBI?
- Is the World going global or local? With most transactions internationally not following 2FA, do we expect that Indians won’t buy anything from outside this country?
I want to ask all the multi billion dollar companies like Amazon, Uber etc a simple question. You have Billions of Dollars to open up a new market such as India, you have dealt with regulator all around the world.
You could not convince a Indian Governmental Organisation like the RBI to change a silly policy that would add billions to your coffers and probably give you enough profit to pay for the fraud many times over.
The global percentage of fraud is 0.565% of the total transaction volume. $16.31 bn out of $28.8 trillion (Source)
Who’s been hit the worst?
The worst hit industry is the startup industry, startups which depend on credit card payments to ensure speedy service are hit in such a way that can only be got back on track when 2FA is removed.
Any startup which wants to charge on a subscription model can’t do it because of this handicap.
2FA doesn’t allow for convenience and simplicity and has created an aura of confusion around online payments which is the opposite of what should be done to ensure mass adoption.
Will UPI Solve the Problem?
The much touted solution to this disaster is a proposed solution called UPI that has just started a few days ago. UPI has features like
- Person to Person Payments through Virtual Addresses
- Person to Merchant Payments through Virtual Addresses
- A Virtual Address is a alpha numeric key that can be used instead of bank account details
- Single Authentication for Recurring Transactions
Basically, it has many of the features that are lost out due to 2FA on Credit Cards.
However, I doubt if it will solve the problem of payments. The world operates on credit, that is our monetary system, across the world, it is a debt based system. UPI doesn’t take advantage of this credit based system at all, it wants people to use only the amount they have in their bank account, which is illogical.
What Can We Do?
We can either pray that RBI realizes this mistake and makes this optional or we hope that some big company like Uber or Amazon will get RBI to change this policy or we can write some letters to RBI stating the flaws of this system.
Whatever we do, 2FA is a handicap to Indians. It has to be removed or improved.