[vivekiny2k]

in bank of america, everytime you make an important change (e.g. add a payee), it prompts you to press a button which triggers an SMS, and you need to type the number received in SMS.

It will be more effective this way, where an online transaction triggers the OTP.

[gaddiwale]

Quote:

Originally Posted by Milestone

+1

I dont think its required to generate pin all the time. If thats the case one should always have the registered mobile along for the transaction.

Cheers !!!

Very valid question. If some body don't use mobile then bank will not issue Credit Cards to that person? I know many old persons uses Credit cards but do not keep mobile phone - what happened to them?

[dhanushs]

^^ You always have the option of changing the registered mobile phone numbers.

Well, this step definitely adds security to the overall transaction, but the point is whether it is worth the inconvenience caused.

[Milestone]

Quote:

Originally Posted by Newpunter

I think the RBI has made this mandatory , so all credit card companies will be implementing this from Jan 1st ( but i have read that this is only for IVR transactions and not sure if it applies to online transactions ) . Regarding the cases when we want to complete a transaction from a different country, I think the OTP will be sent to both the registered mobile as well as the registered E-mail id. So even if we do not receive the SMS, we have a backup option in the mail.

Yes, you are right, its only for IVT transactions and valid for 2 hrs. My banker says currently its implemented for India only and will receive the OPT on both mobile as well as on mail.

Cheers !!!

[blackasta]

Quite inconvenient for me as I have to pay my Indian phone bill every month (used by my mom) - but I have to bear with it.

@vivekiny2k - I did not know about this feature of BofA.

[tsk1979]

I do not think it will impact online transactions, just the through telephone transactions.

[klassics45]

Quote:

Originally Posted by joslicx

Exactly my first thoughts!
I have a banking a/c with Axis bank and they have this stupid process every time you need to login. Recently when I was out of India I just couldnt use it for paying my bills! Its quite frustrating!

Same issue for me. When i travel abroad i use my citi bank account for all transactions since they send the key to both your phone and email.

[Technocrat]

Quote:

Originally Posted by vivekiny2k

in bank of america, everytime you make an important change (e.g. add a payee), it prompts you to press a button which triggers an SMS, and you need to type the number received in SMS.

It will be more effective this way, where an online transaction triggers the OTP.

Both Citibank & SBI do similar in India & like someone said, its a pain if you are out of country.

Citibank does allow me to receive this pin via both email & sms (Just like BOA)

[vnabhi]

Quote:

Originally Posted by sgiitk

I pain in the a$$. What happens when you go abroad and have to make a payment!

Exactly my apprehensions! What shall I do till Feb, until I return to India?

[Gansan]

It has been made compulsory by RBI I think. Anyway I was using only my HDFC Bank Visa card for online transactions. We can generate a netsafe e-card for the precise amount and complete the transaction by entering the details of that card. It self destructs after 24 hours and erases any unused amount.

Talking of third party transfers from our bank account, I like the procedure of Bank of India very much. Just before making the transfer they sms an one time password which we have to enter. Also, they give a tool called "Star Token" which we can install in a computer of our choice. Thereafter any transaction will be recognized only from that IP address. If we need to logon from any other machine, we need to get a one time password by sms.

[dmplog]

Isn't this name "OTP - One time Password" misleading? I initially thought that this is a "One time" activity! But, appears that this is a everytime you have to generate a password, which is certainly a BIG pain (adds cost and unreliability of mobile service providers).
IMO - It should be named a ETNP "Every time new password"

[silversteed]

^^^ It's called One Time Password because that particular password is valid only for One transaction. After that it expires and you have to generate another one.

IMO, it's a good move by RBI to add another layer of security. In this age of Credit Card details getting stolen even in reputed merchant establishments, it's a necessity. I believe the second number given my Citibank is not a premium number, and if you have a free messaging pack, your sms won't be charged. Hope other banks also keep some normal number instead of a premium number.

[khoj]

Quote:

Originally Posted by msdivy

SBI already has OTP for every online transaction. Is this new process same as that?

I don't think SBI has the OTP in place, are you referring to the 'secure by Visa' & similar arrangement by Mastercard by any chance?

Quote:

Originally Posted by bullinb

Which makes sense because online transactions already have a third layer of security - PIN.

Now this is puzzling, ATM and debit cards have PINs but credit cards??

[silversteed]

Quote:

Originally Posted by khoj

I don't think SBI has the OTP in place, are you referring to the 'secure by Visa' & similar arrangement by Mastercard by any chance?

SBI has something called "High-security enabled transaction". They'd send you a One Time numerical Password to your registered mobile. Earlier, you had the option to use your transaction password instead of using this OTP - there is a link in their Online Banking site where you can disable (by default it's disabled). But now, this OTP is mandatory. They are running a marquee in their site.

Quote:

Now this is puzzling, ATM and debit cards have PINs but credit cards??

Actually all forms of cards have PIN, but for Credit cards, we hardly ever use them. It's to be used only when we insert the card in an ATM.

[Thad E Ginathom]

Surely I must have missed something?

Quote:

Getting an OTP
Please SMS OTP XXXX (Last 4 digits of the Credit Card number) to 52484 or 9880752484 to generate an OTP.

So all I need. to do that, is a credit card number and the appropriate phone number of the issuing bank?

How is that secure?

most layers of so-called security are to protect the banks. In Europe, chip'n'pin was king: it made it absolutely impossible to fake a transaction, and anyone who said that a chip'n'pin transaction on their account was fraudulent must be liar or have revealed their PIN to someone who could get hold of the card. Eventually, the banks had to admit that the system was not fool-proof and start compensating people for chip'n'pin fraudulent transactions.