Yesterday I did a transaction with Paytm. By mistake I entered the wrong CVV but the transaction was successful.
(Kotak League credit card)
First thing: this is a known issue across all banks, not to us or them but to banks and payment gateways/processors/card networks, but the issue is payment gateway/payment processor related.
First identification is via the card number, which is reported to banks for verification; that's 1st factor authentication.
Second factor authentication is OTP. Here there are two types: on-us and off-us transactions.
In an on-us transaction, the card network is bypassed by payment gateways/processors in association with banks to keep the transaction off the card network to save costs (read: Verified by Visa etc.).
In an off-us transaction you go through the card network and always enter the OTP on the BANK payment page.
Either way, OTP is the 2nd factor of authentication.
So to prevent fraud or unauthorized transactions, CVV and expiry are embedded by the card network, as the CARD NETWORK provides the payment process to banks, so they're responsible for those liabilities... so it's nothing to do with banks or RBI or any regulator.
So the second rung of responsibility lies with the payment gateway, but they're liable only to the extent of fraud on their network... so that is also not a bank or regulator concern... so here fault and liability are with the CARD NETWORK & payment gateway, but they are lax as they don't find it worth the effort or it doesn't make business sense... so it's happening.
The only saving grace is that in domestic transactions OTP as 2nd factor authentication is necessary for transactions to go through... but for international transactions that is a big threat.
Here comes the debit card/credit card differentiation, where DEBIT CARD transactions aren't easily reversible and most debit cards don't come with card purchase protection or unauthorized card protection.
While most credit cards come with protection, and as transaction settlement is on the books of financial institutions, it is easily reversible.
So for consumers it's important to keep this in mind while transacting via cards.
So keep your SIM/mobile device/OTP safe along with key card details and other sensitive account details, plus keep an eye on transactions or the balance in your account on a regular basis, and always report unauthorised transactions ASAP.
The second important thing is to better turn off the transaction levers or at least keep limits as low as possible; this should be followed strictly for DEBIT CARDS and especially for INTERNATIONAL TRANSACTION controls.