The RBI report on ‘Enabling Public Key Infrastructure (PKI) in Payment System Applications' said banks should also inform customers about risks associated with different types of online banking transaction.
"Internet banking applications of all banks should mandatorily create authentication environment for password-based two-factor authentication as well as PKI-based system for authentication and transaction verification in online banking transaction," the report said. It also said customers should be given the option to choose from different methods of authentication for ensuring security of online transactions.
There are various PKI-enabled electronic payments systems introduced by the RBI such RTGS, NEFT, CBLO, Forex Clearing, Government Securities Clearing, and Cheque Truncation System (CTS). In volume terms, these systems contributed 25.1 per cent whereas these systems contributed 93.7 per cent share to the total payment transactions carried out in 2012-13 in value terms.
Non-PKI enabled payment systems contributed 75 per cent in volume terms but only 6.3 per cent in value terms in 2012-13. "The objective of an effective payment system is to ensure a safe, secure, efficient, robust and sound payment system in the country. In order to secure electronic documents and transactions and to ensure legal compliance, digital technology is used," it said.
The report said that the banks may carry out in three phases PKI implementation for authentication and transaction verification.
"The banks have been mandated to issue EMV (card with chip and pin) to certain category of customers and for the other customers, banks have been given option to either issue EMV cards or adopt Aadhaar biometric authentication as additional factor of authentication," the report said. - PTI