Indian Ink
Published in

Indian Ink

Should I say goodbye to my wallet?

Navigating the pitfalls of India’s evolving digital payment world

Paying by phone is taking off n India (Photo by Albert Hu on Unsplash)

UPI, India’s innovative online payment system, has been a disaster during the first few days of December, 2020. The banking industry is getting tons of complaints of payment failures. I can confirm this. My UPI payments have been failing regularly, especially on ‘Scan & Pay’ during peak consumer spending hours (5–8 pm). It would seem that social distancing has caused people to avoid cash and card in favor of UPI which is contactless.

In October, there were 2.2 billion UPI transactions worth nearly ₹4 lakh crores. In comparison, there were only 149 million and 352 million credit and debit card transactions respectively. The computer servers in India’s banking system were just not ready for this huge increase, and are crashing. Hopefully, the banks get their act together soon.

The ABCs of payment modes

Meanwhile, in the real world, my daughter has just joined a University. It’s around 200km from home, which is about four hours away in India’s road conditions. Classes have commenced but she’s yet to lay eyes on her University campus, and it’s all online learning. As the virus is coming under control in south India, the campus may open its gates by Jan. So she’s been asking about handling her own finances, and this post also doubles as a kind of ‘Intro to payment modes in India’ for her.

The problem is India has a rapidly changing and wide variety of payment modes and even I’m struggling to get a grip on it. So this is a learning exercise for me too. For clarity’s sake, I’m going to divide it into five broad sections.

  • Digital Payments replacing physical transactions like cheques, DDs…
  • Paying by phone (UPI) instead of using cash or cards
  • Paying with Credit cards, Prepaid cards, Virtual Cards, etc
  • Using a phone as officially issued virtual IDs (driving license, etc)
  • Security issues with having a financial presence online

Digital stages a coup but Cash is still king

If none of your income is in cash, then theoretically you don’t need to carry your wallet anymore. That’s because your phone can do all your wallet does. Well, almost all, but it’s getting there.

Till not too long ago, financial transactions happened offline in India. For the common man, cash was king. That was the only way he would pay for stuff. So online stores like Amazon and Flipkart found it hard to sell in India. People were used to having a product in hand before paying for it. They couldn’t conceive of paying in advance for stuff that would be delivered days later.

I think it was Flipkart that finally broke this roadblock by coming up with the option of ‘pay on delivery,’ which has never been done anywhere else in the world. It was only after this that online sales finally started happening. Over time, online sellers built up trust, and today most Indians don’t mind using credit cards to pay in advance as they know their money is safe.

As for businesses, they issued cheques as these would take a couple of days to arrive at the issuer’s bank, only after which they could be encashed. This gave the businesses a little breathing space to arrange funds. But the online revolution was hard to resist, and most businesses now do online transfers.

Personally, I have always had trouble counting huge wads of currency notes. I also dislike cheques, and demand drafts as they are slow, cumbersome, laborious, error-prone, and result in mountains of paper records. These need to be painstakingly filed away if they are to be of any use. When email replaced snail mail (postal system) for communication, I recall hoping something similar would happen in financial transactions. Well, it’s finally beginning to happen.

However, cash isn’t going away any time soon.

The paperless world is still some way off (Photo by Ian Panelo from Pexels)

Black Money

This is why cash is here to stay. Only 1% of Indians pay income tax (15 million of India’s 1,380 million population). Cash rules in India, and it’s hard to track who earns how much. If you don’t know that, you can’t tax them. This is true at both ends of society. Blue-collar workers get paid in cash. Professionals like doctors do pay taxes on their salary, but their major income is often from private practices where patients pay cash, which is hard to track. Businesses also prefer cash in hand, and some shops even charge more for products/services if you insist on a bill.

The changing times are visible at supermarket checkout counters. 10 years ago, nearly everyone was paying cash and the credit card machines or POS (Point of Sale) terminals were mostly unused. Since all of my income is accounted for, I used to be the odd one who always paid by card (in the hope of collecting reward points to encash). I would get a lot of dirty looks as I often held up the queue because those early POS terminals took an eternity to connect, and often didn’t. At which point, I would quietly pay by cash, and pretend I couldn’t see the fumes coming out of the ears of those in the queue.

These days the POS terminals connect in three seconds or less, and I see many people paying by card. I presume they are the salaried class. But there are others who pull out big wads of currency notes. They must be either be in business or have some sort of private income via professional consultation, like doctors, architects, lawyers, designers, etc.

Cashless means digital means trackable

The Indian government realized that the only way to increase taxes is to minimize cash transactions and push digital transactions, as they can be tracked and taxed. As a result, India’s monetary system is rapidly changing. Online banking has been in place for some years now and has more or less replaced traditional banking for the salaried class. Sadly, it’s only this class that’s getting taxed. A lot of the big money transactions are still partly in cash, and they still don’t pay taxes.

An Online Banking Blooper

The other issue is online banking is still a work-in-progress. It was initially only possible via secure banking websites. But banks soon realized they were missing out as Indians are more likely to have phones than laptops. So banking apps began to pop up.

Being an incorrigible early adopter of new technology, I jumped into app banking as soon as it launched in India. As expected, it was glitchy, and that led to goof-ups. On one notable occasion, I accidentally repeated a payment, not once but thrice. What fooled me was the app had hung and I didn’t get the usual confirmation of payment (SMS). So I had one of my occasional brain-fades, assumed the payment had failed, and paid again, and again.

Fortunately, I’m aware of my propensity to do dumb stuff and had limited my online banking experiments to people I trusted. In this case, it was my tennis club, and the coach had a good laugh when he told my friends about being paid four times over.

UPI makes paying by phone easy… sort of

The first step to getting rid of your wallet is to create a digital online wallet. There are quite a few of these. Paytm was one of the first, but we now have PhonePe, AmazonPay, Jiowallet… Basically, you credit money into one of these wallets and then pay for stuff from there. This means your risk is limited to the money in the wallet.

Sounds too good to be true? It isn’t. For reasons beyond my comprehension, you can use these wallets to make online payments for your bills like mobile, electricity, gas or even use it to pay for shopping at online stores like Amazon. But you can’t use them for ‘scan & pay’ points like at your local supermarket. I assume there are some serious security issues.

Bummer.

What is UPI?

UPI (United Payment Interface) is an innovative system by the Indian government that is linked to India’s banking system. It’s a simple but powerful software that turns your phone into a tool that can send/receive money, and make payments. Anyone using the UPI system is allotted a UPI ID, which is represented by either a QR code (that can be displayed on a phone screen or sent to someone) or a UPI ID as simple as yourphonenumber@xyz.

Using UPI to pay for shopping is easy. You scan a QR code at the store’s cash counter using a UPI payment app. You will be prompted to enter the amount on your bill, and a payment description for your reference. You then click ‘pay’ and enter the 4-digit passcode, created while initially setting up the UPI payment app on your phone. The app then connects to your bank account via the UPI system and transfers money from your account to the retailer’s bank account. This happens instantly and the store owner gets a message on his UPI- linked phone confirming receipt of the payment.

UPI gets around whatever the security issue was with online wallets. It takes the next logical step of doing away with wallets by allowing you to ‘Scan & Pay’ directly with your phone. Why bother with cards or cash when you can pay directly from your bank account with a few taps on your phone?

UPI has won praise in the West for its simplicity, security, and connectivity with India’s banking system. Anyone with a basic smartphone and a bank account can use the UPI system to pay for stuff, send and receive money, etc. There’s no comparable system in the West. UPI does have its teething issues, and I’m still trying to work out its kinks and make it reliable enough to let me have the confidence to leave my wallet at home.

UPI works through apps on your phone which are connected to your bank accounts. I have enabled several UPI apps to get a feel for this new payment system. These include the government’s original Bhim app, along with Paytm, Amazon Pay, Phone Pe, JioPay and Google Pay. Apart from dedicated payment app, most banks have the UPI feature built into their banking apps. WhatsApp has also just hopped onto the UPI bandwagon. With its huge user base, the social media giant has the potential to become the biggest UPI player.

Payment Blues

I see the current UPI connectivity issues and resulting payment failures are an opportunity to test the UPI system under stressful conditions and get to know its weaknesses and strengths.

The bankers say it’s just an issue of server capacity, and the UPI system should stabilize as soon as the banking industry gets more servers online.

However, I have my doubts about the bank’s servers being solely responsible for this mess. There are too many variables in the UPI payment scene. The bank’s network, the phone network, the apps, the phone’s OS, the kind of app (Google Pay doesn’t have a wallet and seems to be purely a facilitator app). Hopefully, things get sorted out soon.

Till that happens, here are a few temporary workarounds that may let your at least let your UPI payments function.

Link to multiple bank accounts

Most retailers have at least two QR codes at the checkout counters, which means they are already connected to two bank accounts. However, during peak shopping hours, all banking networks are overloaded and the resulting bottleneck must be what’s causing transactions to fail.

One way to get around this is to link your payment apps to more than one bank account, as the payment apps allow this. That way, you have a better chance of getting through if one of the networks is relatively less busy.

Use a banking app’s scan & pay function

Google Pay and Phone Pe handle 81% of the UPI payments in India and is followed by Paytm as a distant third. So my guess is if you use the banking apps inbuilt ‘scan & pay’ feature, it may have a better chance of success as it might bypass the traffic from Google Pay and Phone Pe. Besides, it may work faster as signing into the banking app would have already cleared one level of security checks. Please note this is just a guess. It worked a couple of times for me but will need to try it for a longer period to confirm.

Use an online-only bank account

This may be another way to get around the UPI outages. I have a couple of these online-only bank accounts. They are pretty useful as they allow you to load money into the account and even double as a virtual debit card, which identical to a normal card, with 16 digit number, validity dates, a 3-digit CVC number, and even a tie-up with MasterCard or whatever.

For example, if I visit a new website and am wary of giving my regular card, I just use my Airtel Payments Bank debit card. The account has only the few hundred rupees I loaded for transacting on that particular website, and my risk is limited to that amount.

These online-only bank accounts can also be linked to my UPI payment apps as alternative banks. I just have to ensure there’s money in them.

My experiments with UPI

A few days ago, I stopped to pick up some bananas at a local supermarket. I wasn’t carrying my wallet and was forced to pay with my phone. The store had two QR codes: Google Pay and Phone Pe.

My Google Pay via the store’s Google Pay was my preferred option. But that didn’t work. So I tried the store’s PhonePe QR code. No luck. Then I switched my Google Pay app to use my SBI account instead of my ICICI bank account, but that wouldn’t go through either. Next, I tried different combinations on Phone Pe. Again no luck.

As a last resort, I switched to my Paytm app, and the payment finally went through. Not that Paytm works all the time. On another occassion, I had tried paying at a store with my Paytm app linked first to my ICICI bank. When that failed, I tried the Paytm online bank. I thought the latter would work as Paytm via its own Paytm Bank might be smoother. But both attempts failed.

Yesterday, I tried using my ICICI banking app which has a scan & pay function. The payment went through at my first attempt. Will it work next time? I will have to experiment. It’s all a bit of hit and miss, as of now. Like ICICI has a wallet app called Pockets, which has a Scan & Pay feature. In theory, this is perfect as my risk is limited to just the money in the Pockets wallet in case of any fraud.

Unfortunately, the Pockets app is extremely glitchy on my phone. It sometimes hangs when I try to scan a code, or the keyboard does not appear when I need to enter the amount. Maybe it’s an iPhone issue though my OS is updated to the latest iOS 14 version. But in India, 99% of the phones are Android, and maybe ICICI hasn’t devoted enough time to iron out the kinks in the iOS app.

Sometimes, nothing works, and I keep getting messages saying my bank’s network is having connectivity issues. Eventually, I have to leave empty-handed from the store. But such occasions are becoming rare so I must be doing something right.

Credit Cards: good as a tool, bad for a fool

Credit cards are a useful tool. You can save money via offers and cashback (more on this later), and enjoy free credit periods of up to 45 days.

But there are caveats. The way credit cards work is by tempting you to buy things you can’t afford, and then making money from you, by charging exorbitant interest on the money you owe them. People who don’t pay the ‘total amount due’ every month are ‘ideal’ credit card customers.

I’m a bad customer. I only buy things I can afford to pay for in full, by the next payment due date which will be a max of 45 days. This way, I can avoid having to carry cash and take advantage of the interest-free period to pay later. I also usually avoid credit cards that charge an annual fee, unless they waive the fee for a minimum annual spend that isn’t too high.

Another word of advice. Credit card issuers can be absolutely shameless cheats. So always check your credit card statement. I have found the jokers charging me twice for the same payment and trying to pass it off as an error. On one occasion, they charged me the annual fee though I had actually covered the minimum spend. When I caught them out, they refunded the fee. If I hadn’t checked, they would have kept the fee.

Trust no one is a good motto in the credit card business.

Credit Card Interest Trap

Most kids fall into this trap because they don’t know how credit cards work, and give in to the temptation to buy stuff they can’t afford. They end up paying exorbitant interest rates and sometimes take years to clear their debt.

You should only use a credit card if you have the financial discipline to pay your bill on time, and pay in full, every month. If you miss the payment date or are unable to pay the monthly bill in full (even if you just short by a few rupees), you will be charged a horrendous interest rate. My card charges around 30% per year or 2.5%/month but some cards charge even more.

Let me illustrate with an example. Let’s say you have a bill of ₹10000 but are ₹1000 short on the due date. You pay ₹9000 and think it’s no big deal. After all, the 2.5%/month rate may be high, but it’s just 2.5% of the ₹1000 balance, and that’s just ₹25, right?

Wrong.

See what happens is, when you don’t pay the full amount, the bank charges you a monthly rate of around 2.5% on all fresh billing, and not just on the ₹1000 you owe them.

The next month, let’s say you buy a phone and rack up a bill of ₹40000. Add the last month’s bill balance of ₹1000. So you think your bill is ₹41025, right? Nope, your bill will be ₹42,025. You will pay an extra ₹1025 as interest.

Let’s say you again short of cash. So you pay ₹10000 of the ₹42,025 and are left with ₹32,025 balance. The next month, you cut down your spending to ₹10,000. Your bill will not be ₹42,025 but will include an interest penalty of ₹1051, making it ₹43,076.

So even if you spend only ₹10000 every month for the rest of the year, and pay that ₹10000 every month, you will still be paying an ever-increasing interest every month, which could add up to around ₹13,000 as interest payments by the end of one year.

Now if your phone breaks, and you have to buy a new one, your goose is cooked. Let’s say you paid ₹10,000 of your ₹43,076 bill. That leaves you with ₹33,076 outstanding. Your new mobile costs ₹30000 and your monthly spend is ₹10000. So your bill for the month will be approx ₹73,076 plus interest, which in this case would be ₹1850, and takes your bill close to ₹75000.

Even if you control your spending the rest of the year, that interest will keep adding up till you clear the full amount, and you could be paying a total of ₹20000 in interest in just that one year.

Never ever pay a credit card in part. That ‘minimum amount’ to be paid is just a big scam to get you in the vicious cycle of interest payments.

Currency Rate Rip-off for International Payments

In India, you usually don’t pay extra for using a credit card instead of cash. But don’t make the mistake of assuming that applies to using your credit card abroad or on international websites.

I paid $185 via credit card on an international website a few days ago. The exchange rate on that date was ₹74.35 for $1. I should have been billed ₹13752 for paying $185. Instead, I was billed ₹14370, or an extra ₹618. So the credit card charged me an exchange rate of ₹77.68 for $1.

Or ₹3.33 extra for every dollar, or a 4.6% commission. That’s quite a rip-off.

In this case, my only other option was Paypal. I had used PayPal for a previous international payment, and they charged close to ₹4 extra for every dollar. Paypal isn’t my pal. So basically, it was just about choosing the lesser evil.

Card Discounts at Online Sales

This is one reason why credit card usage in India has shot up. How it works is the big online retailers like Amazon and Flipkart usually have a big sale every few months with up to 10% discounts on a range of products. The thing is these deals are usually tied to specific credit card. So let’s say you have your eye on a pair of wireless buds (AirPod equivalents) costing ₹3000, you get ₹300 off, which is a decent deal.

But there are lots of catches so you need to read the fine print.

Minimum amount This used to be ₹3000 but the online sellers have now jacked it up to ₹5000. This means the discount is not applicable for the above wireless buds. Desperate customers wind up buying other things to reach ₹5000 and get a ₹500 discount. I once spent ₹800 on a one-liter pack of handwash to get a ₹500 discount on my total bill of ₹5000. I still haven’t finished that handwash despite it being Covid season.

Not applicable on Debit Cards The sale offers used to be initially valid on debit cards too but these days I notice it’s mostly restricted to credit cards.

Card Fees Most cards (credit & debit) come with an annual fee. Sometimes a credit card waives this fee if you spend a certain amount through that card in a year. Those who are tempted to take many credit cards end up paying annual fees which can cancel out the discounts they get. One way around this is to look for a credit card that does not have an annual fee. Like I have one from Amazon which has tied up with ICICI bank to give a lifetime free card. As of now, I haven’t spotted any catch. Fingers crossed.

Price manipulations I bought a mobile phone for ₹14,000 after price and credit card discounts at an Amazon sale. The day after the sale, Amazon offered an additional discount. Ironically, this meant I should have waited for the Amazon Sale to get over as I could have got the mobile for ₹13,000, saving an additional ₹1000. I tried to return the phone and buy the new one, but Amazon was a step ahead of me. They had changed their policy to strictly limit returns to replacements, not refunds.

This is not a one-off. I had a pair of sandals in my shopping cart. Its price dropped by ₹200 on the first day of the sale, and a further ₹200 on the second day. I was thrilled and decided to wait to see if it would drop any further. To my chagrin, the price went up the next day though the sale was still on. It never did drop again so I ended up deciding not to buy it. In hindsight, that was a good thing as I didn’t really need those sandals and was only tempted because of the discounts.

What I’m saying is the online sellers are making it harder for people to predict price trends. So that bargain you got might not be such a bargain after all.

Stick to Debit Cards or Prepaid Cards

If financial discipline is not your thing, avoid credit cards. Stick to prepaid cards or debit cards. Prepaid cards only allow you to spend money that is on the card like my Airtel card. ICICI’s Pockets app offers a similar card. Your bank will have its own version.

What’s important is a debit card is connected to your bank account and you can’t spend more than what is in that account. So there’s no question of overspending and getting caught up in exorbitant interest payments. Worst-case scenario, you take an overdraft from your bank account as the interest rate on ODs is lower than credit card interest rates.

Virtual ID apps

These are official apps issued by the Indian government. They connect to secure government servers and issue versions of my IDs in the app that are ‘at par with the original documents as per the IT Act.’ My Digilocker app has official versions of my Driving License, Car Registration, Aadhaar, PAN, and Gas.

Another app I use is mParivahan, which lets me store registration papers of cars that are not in my name, aka my wife’s car. This wasn’t possible in Digilocker and mAadhaar the last time I looked.

Anyway, there goes one more reason to carry a wallet. Besides, if I don’t have to carry my ID, I can’t lose it. This means I don’t need to worry about it being misused, which is a good thing.

Security Issues

Some simple ground rules.

Never share your OTPs to any ‘customer service rep.’ Or any SMS for that matter. Despite its insecurity, SMS is mostly used for security as nobody uses it for messaging anymore. Service staff are not supposed to ask for OTPs. If they keep pestering you, don’t waste time arguing. Just cut the line or give them some random number and let them stew.

Use two-factor authentication instead of OTP Your phone was not designed to be a security device and neither is SMS. So using a phone OTP as the second authentication factor may not be a good idea. Instead use other means. This is especially vital during banking. SBI lets you do this by using the SBI Secure OTP app to generate OTPs instead of using a phone OTP.

You should do two-factor verification for your email too. For instance, Gmail allows you to use a second device or the Gmail app to verify it’s you trying to access your email. Like if I sign in to my Gmail on a new browser on my iPhone, I get a Google authorisation pop-up to verify it on my Android where I use the same Gmail. I also have the option to verify the sign-in attempt via similar verification messages in my Gmail apps on my iPad or my iPhone.

I also use authentication apps like Authy for other services like Amazon. Though I set it up to work only with Authy, Amazon has defaulted back to working with OTPs as well as Authy. Need to check this out.

Never install random apps suggested by a ‘customer service rep. Apps like TeamViewer and AnyDesk let people take over your phone and see what’s on your screen, including the OTPs you receive and the passwords you type.

These apps were meant for remote assistance by service staff. Like when my Mom’s PC misbehaved and I was traveling, I would take over her PC from afar and fix it for her, using similar apps. Fraudsters are misusing this useful service. If you have these apps installed on your phone for some reason, don’t share the code that lets people take over your phone.

Never type your PIN to receive money Banks allow you to withdraw money from an account only with the account holder’s permission (like his signature on a cheque). But you don’t need permission to deposit money in anyone’s account as long as you know their account number. In the UPI system, your PIN is your digital signature. It gives permission for money to be taken out of your account. So the moment you type it, money will go out of your account.

In fact, this is a favorite tactic of UPI fraudsters. That ‘customer service rep’ will call you, weave his spell, and say he’s sending you some money to test the service. So when you see a message that says ‘test message’ and asks you to type in your PIN, you may do it out of sheer habit. If the guy is on the phone, he will keep talking to distract you from seeing that it’s a request for money. The next thing you know, money is gone from your account.

Card blocked If a ‘customer service rep’ calls saying your card is blocked, don’t panic. Just test if it’s really blocked. Use your card to load money into one of your online wallets. If it works, it’s not blocked, and that ‘rep’ is just trying to get your card details.

Never Google for customer service numbers. Fraudsters spend big money to get numbers that look like official helpline number, and cleverly use SEO to make that number pop on Google when you search for certain keywords. Instead, go to your bank’s website and dial that number. Or check the back of your card as the helpline number is usually there.

Don’t share your phone’s password Your friend may do one of the above, and you wouldn’t have a clue.

Don’t share personal stuff on social media Avoid putting personal stuff like your phone number, address, the city you were born in, your mother’s maiden name, etc. These are usually used as security questions by email services etc so a fraudster may take advantage of it to hack your email or phone.

Report any hacking attempt Do this on India’s new Cyber Crime website. It will take a few minutes to fill in all the details. But once you do, it’s an official police complaint, and you can track the progress of your complaint.

Don’t assume your one complaint won’t make a difference. I have been complaining to TRAI about spam SMS for quite some time. My first 100 or 200 complaints were brushed aside. But I persisted. Recently, TRAI has started replying saying the spammers are being taken to task, and junk SMS to my phone have visibly reduced. Every drop counts.

On the left, is a spam message trying to sell me an educational course. I presume they got my number from the net as my daughter was using my phone number to apply to universities: she claims she might miss important messages sent to her phone!

Anyway, I tapped the ‘report message’ link below the message several times till it activated and asked me to choose the category of spam. I chose ‘educational’, and tapped on ‘done.’ A week later, I get a reply from TRAI saying, action is being taken against the offending spammer. That reminds me, you need to first set up the TRAI DND app, for this thing to work.

It can happen to you Every other day, I hear about people giving out details of their IDs, bank account numbers, credit card numbers, or phone OTPs. The fraudsters are persuasive as they may have hacked your email, and be aware that you have applied for a credit card so they can be pretty convincing. I used to wonder how people could be such fools till the day it happened to me.

I had just applied for an online wallet and was supposed to submit my documents. A guy called me claiming to represent the wallet, and asked for my Aadhaar and Pan Card. Since I was expecting that call, I didn’t bother to ask him to verify who he was. We were on a Google Duo video call, and he snapped pictures of all my documents, and then went offline. It was only then that it dawned on me that someone could have hacked my email, and masqueraded as the wallet’s representative to get my details.

That was a bad half-hour till the wallet staff called me back to confirm the video call was authentic. Since then, I always ask for a physical offline verification instead of giving my critical info to an unseen voice on a phone.

Password Managers

Security experts recommend you change your password every month. That may not be practical all the time for everyone. What’s possible is a password manager to generate and save passwords. Apple does a good job of this, and Windows has something similar though I prefer the Google Chrome one. If you are on both platforms, it can be an issue.

One way to get around this is to use Chrome on both platforms, or else use a password manager. This is an app that generates passwords, syncs them across devices, keeps track of all passwords, and suggests them when you need to log in on a website. This does not always happen, so I often have to open the app, and manually type in the password but it’s better than getting hacked. LastPass is an open-source password manager that’s quite popular. I also noticed a new free one called BitWarden that has a lot of features.

Two-Factor Authentication

Things have evolved in India’s payment scene, and in some ways, India is far ahead of the West. For instance, if someone steals your card in the West, they can go on a shopping spree and max out your card.

That won’t happen in India because two-factor authentication is mandatory for credit card payments. This means payments won’t go through without a second level of verification which is not available on the card. It may be a PIN you have memorized. Or an OTP sent to your phone or email. Hence two-factor. This feature was made mandatory in credit cards in India quite some time ago, unlike the West where it still isn’t in wide use.

Indian credit cards usually don’t work for international payments

International payments usually don’t work on Indian credit cards as they need that OTP to complete the transaction (see next section for the exceptions to this rule). Websites outside Indian are often not even designed to ask for an OTP during the online payment process.

Secondly, OTPs are sent via SMS messages on cellular networks. Your bank charges a small quarterly or annual fee to cover these charges, as long as the transaction happens within India. That’s because sending an SMS message overseas and getting a reply is far more expensive (think international calls). The system to collect the SMS fee from the buyer isn’t in place as it would be complicated to calculate with currency exchange and transfer rates, a collection mechanism, etc. So the payment system will reject that payment.

Even if it’s accepted, the OTP message (SMS) sometimes won’t reach the buyer within the 30 second time limit, and the payment gets aborted.

The OTP Loophole for international payments

Warning: Don’t assume that your credit card can’t be used without an OTP confirmation. If you do, you could be in for an unpleasant surprise.

I have observed some international players get around the two-factor authentication. Medium is a good example of this. They put me on a recurring monthly payment for my membership fees, and it went out of my credit card every month, without any need for an OTP sent to my phone.

It’s not just Medium. I recently paid for a University application in US, and the payment went through without an OTP. Have recognized educational institutes have been excluded from the need for an OTP? I don’t think so as I have used my card on Amazon UK and it works there too. Is it because of some tie-up with my Indian Amazon account? My guess is the banks are probably allowing these loopholes to exist to keep the wheels of commerce rolling.

Fortunately, there is a way to prevent your card being misused by an international hacker who gets your card details. Just disable international transactions on your card. See the following section for details.

Disable card functions that you don’t need

The ‘Tap & Pay’ function in my credit card uses an inbuilt NFC chip to allow payment by just waving my card over the payment machine. No need to remember any PIN code.

Oddly enough, this advance in tech does away with the safety of two-factor authentication. It may be convenient for me, but even more so for a crook who steals my card. I was a bit surprised to find it works on my card, which means it was enabled by default when I received my card.

Note to ICICI bank: Please make such features opt-in, not opt-out.

Fortunately, you can disable this by going online, and managing your card. Here’s how it’s done on my ICICI bank website. As you can see, I have disabled Tap & Pay, International transactions, and ATM withdrawals on my card.

Other banks will have something similar. Here it is on SBI’s Yono Lite app. I usually keep everything turned off here, except merchant outlet transactions. I turn on the other features only when I need them. Like if I need to buy something online, then I turn on the e-commerce feature (CNP stands for Card Not Present). It’s a pain but a few minutes may save me hours of worry.

Income tax is the biggest roadblock to going digital

If an Indian gets paid in cash for a job, he’s supposed to deposit it in my bank, account for it, and pay taxes on it if his income is above the tax-free limit. That’s a big ask, as it’s not easy for the government to track cash payments.

Still, if the government plays fair, honest citizens might be motivated to account for their cash income. But the government isn’t holding up its end of the bargain.

Take my case. I don’t have cash income so everything is accounted for. Now the Indian banks deduct tax at source (TDS) from my account and remit it to the government. This is standard for anyone whose income is above the tax level. Excess taxes collected are supposed to be automatically refunded when I file my tax return.

So I filed my tax returns last year and was due to get a tax refund last year, as the government had taken more than they should have. Instead, they sent me a mail asking for some clarifications on my income. I emailed a reply to their query but they haven’t even acknowledged my reply. It’s all documented in my bank account statements and tax returns. But the onus is on me to prove that they have made a mistake.

Unless the Indian government simplifies and streamlines the tax complaint redressal system, even honest citizens will not make the effort to account for their cash payments.

Conclusion

There was a time when if I left home without my wallet, I would have had to go back. Not anymore. If I have my phone, I’m fine.

There are other times when it’s simply inconvenient to carry my wallet, like when I’m going for a run. I carry my phone though, as I need music or an audiobook to keep me going and track my run. So if I have to pick up some fruits on my way home, being able to pay by phone is a perfect solution.

So yes, I’m a big fan of my phone’s new powers. But as of now, I’m not permanently retiring my wallet. The truth is cash still plays a big role in India, and we won’t be saying goodbye to our wallets any time soon.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store