RBI/2013-14/60
DBOD.No.FSD.BC. 4/24.01.011/2013-14
July 1, 2013
Ashadha 10, 1935 (Saka)
Dear Sir/Madam
Master Circular on Credit Card, Debit Card and Rupee Denominated Cobranded Prepaid Card operations of banks
Please refer to the Master Circular No.DBOD.FSD.BC.23/24.01.011/2012-13 dated July 2, 2012 consolidating the instructions/guidelines issued to banks and NBFCs on credit card operations of banks till June 30, 2012. A reference is also invited to the guidelines for issue of debit cards/prepaid cards by banks.
2. The instructions on credit card operations of banks and NBFCs as well as guidelines on issuance of debit cards and co-branded pre-paid cards by banks issued upto June 30, 2013 have been consolidated in this Master Circular which has been suitably re-named.
3. It may be noted that the instructions on credit card operations of banks are applicable, mutatis-mutandis, to NBFCs issuing credit cards.
4. The Master Circular has been placed on the RBI website (www.rbi.org.in). All the credit, debit and pre-paid card issuing banks and credit card issuing NBFCs should adhere to these guidelines strictly.
Yours faithfully
(Prakash Chandra Sahoo)
Chief General Manager
Master Circular on Credit Card, Debit Card and
Rupee Denominated Co-branded Prepaid Card operations of banks
Table of Contents
A. Purpose: To provide a framework of rules/regulations/standards/practices to the credit, debit, prepaid card issuing banks and to the credit card issuing NBFCs to ensure that the same are in alignment with the best customer practices. Banks should adopt adequate safeguards and implement the following guidelines in order to ensure that their card operations are run on sound, prudent and customer friendly manner.
B. Classification: A statutory guideline issued by the RBI.
C. Previous guidelines consolidated: This Master Circular consolidates the instructions contained in the circulars listed in the Appendix.
D. Scope of Application: To all Scheduled Commercial Banks (excluding RRBs) that engage in credit, debit, prepaid card business directly or through their subsidiaries or affiliated companies controlled by them and to all NBFCs that engage in credit card business.
Structure
I. Credit Card Operations of banks
1. Introduction
1.1 Background
1.2 Basic features of credit cards
1.3 Types of credit cards
1.4 Fair Practices Code
2. Issue of cards
3. Interest rates and other charges
4. Wrongful billing
5. Use of DSAs/ DMAs and other agents
6. Protection of customers’ rights
6.1 Right to privacy
6.2 Customer confidentiality
6.3 Fair practices in debt collection
7. Redressal of Grievances
8. Internal control and monitoring systems
9. Fraud Control
10. Right to impose penalty
II. Issue of Debit Cards by banks
1 Introduction
2 Board approved policy
3 Types of debit cards
4 Offline debit cards
5 Compliance with KYC norms/AML standards/CFT obligations of banks under PMLA, 2002
6 Payment of interest on balances
7 Terms and conditions for issue of cards to customers
8 Cash withdrawals
9 Security and other aspects
10 Compliance with DPSS instructions
11 Issue of International Debit Card
12 Review of operations
13 Reporting requirements
14 Redressal of grievances
15 Co-branding arrangement
16. Unsolicited Commercial Communication
III. Issue of Rupee Denominated Co-Branded Prepaid Cards
1 Introduction
2 Board approved policy
3 Due diligence
4 Outsourcing of activities
5 Role of non-bank entity
6 Compliance with KYC norms/AML standards/CFT obligations of banks under PMLA, 2002
7 Confidentiality of customer information
8 Payment of interest
9 Compliance with DPSS guidelines on issue and operation of prepaid instruments in India
10. Unsolicited Commercial Communication
Annex- Most Important Terms and Conditions
Appendix – List of circulars consolidated
I. Credit Card Operations of Banks
1 Introduction
1.1 Background
This circular is aimed at providing general guidance to banks/NBFCs on their credit card operations, and the systems and controls expected of them in managing their credit card business. It also sets out the best practices that they should aim to achieve.
Experience has shown that the quality of banks’ credit card portfolios mirrors the economic environment in which they operate. Very often, there is a strong correlation between an economic downturn and deterioration in the quality of such portfolios. The deterioration may become even more serious if banks have relaxed their credit underwriting criteria and risk management standards as a result of intense competition in the market. It is therefore important for banks to maintain prudent policies and practices for managing the risks of their credit card business which are relevant to the market environment that they operate in.
To facilitate a better understanding of the credit card operations, the basic features of credit cards and their associated operations are highlighted in the subsections below.
1.2 Basic features of credit cards
The term “credit card” usually/generally refers to a plastic card assigned to a cardholder, usually with a credit limit, that can be used to purchase goods and services on credit or obtain cash advances.
Credit cards allow cardholders to pay for purchases made over a period of time, and to carry a balance from one billing cycle to the next. Credit card purchases normally become payable after a free credit period, during which no interest or finance charge is imposed. Interest is charged on the unpaid balance after the payment is due. Cardholders may pay the entire amount due and save on the interest that would otherwise be charged. Alternatively, they have the option of paying any amount, as long as it is higher than the minimum amount due, and carrying forward the balance.
A credit card scheme typically involves the following parties:
-
Cardholders - persons who are authorized to use credit cards for the payment of goods and services;
-
Card issuers - institutions which issue credit cards;
-
Merchants - entities which agree to accept credit cards for payment of goods and services;
-
Merchant acquirers – Banks/NBFCs which enter into agreements with merchants to process their credit card transactions; and
-
Credit card associations - organisations that license card issuers to issue credit cards under their trademark, e.g. Visa and MasterCard, and provide settlement services for their members (i.e. card issuers and merchant acquirers).
Credit card schemes normally operate at an international level too, meaning that cardholders belonging to card issuers in one country can make purchases at the place of business of merchants in another country.
The focus of this circular is on the operations, risks and controls associated with credit card schemes of which banks (or their subsidiaries or affiliated companies under their control) are either the card issuer or the merchant acquirer.
1.3 Types of credit cards
Credit cards can be broadly categorised into two types:
General purpose cards and private label cards: The former are issued under the trademark of credit card associations (VISA and Mastercard) and accepted by many merchants while the latter are only accepted by specific retailers (e.g. a departmental store).
Banks in India can undertake credit card business either departmentally or through a subsidiary company set up for the purpose. They can also undertake domestic credit card business by entering into tie-up arrangement with one of the banks already having arrangements for issue of credit cards.
Prior approval of the Reserve Bank is not necessary for banks desirous of undertaking credit card business either independently or in tie-up arrangement with other card issuing banks. Banks can do so with the approval of their Boards. However, only banks with networth of `100 crore and above should undertake credit card business. Banks desirous of setting up separate subsidiaries for undertaking credit card business would, however, require prior approval of the Reserve Bank. Banks should adopt adequate safeguards and implement the guidelines enunciated in this circular in order to ensure that their credit card operations are run in a sound, prudent and customer friendly manner.
Most of the card issuing banks in India offer general purpose credit cards. These cards are normally categorised by banks as platinum, gold or classic to differentiate the services offered on each card and the income eligibility criteria. Banks may, at the request of a cardholder, issue a supplementary card (also referred to as ‘add-on cards’) to another individual who is usually an immediate family member of the cardholder.
It is quite common for banks to partner with business corporations or non-profit making organisations (e.g. charitable or professional bodies) to issue co-branded cards. However they need to undertake due diligence on the non-bank entity to protect themselves against the reputation risk to which they are exposed to in such an arrangement. NBFCs, which desire to enter into a co-branding arrangement for issue of credit cards with banks, may be guided by the instructions contained in circular No. DNBS (PD) CC No.83/03.10.27/2006-07 dated December 04, 2006
Banks may also issue corporate credit cards to the employees of their corporate customers.
The types of credit cards mentioned above are illustrative and not exhaustive. Banks may, from time to time, introduce new credit card products to satisfy customer needs and cater to the changes in market conditions.
1.4 Fair Practices Code
Each bank must have a well documented policy and a Fair Practices Code for credit card operations. The Banking Codes and Standards of India (BCSBI) has released a “Code of Bank’s Commitment to Customers”(Code) in July 2006 as also a Guidance Note in December 2006, which have been adopted by most of the banks with the approval of their Boards. Such of the banks which have subscribed to the BCSBI Code may incorporate the principles contained in BCSBI Code for evolving their Fair Practices Code for credit card operations, in lieu of IBA Fair Practices Code for credit card operations. The banks’ Fair Practices Code, should at a minimum, incorporate the relevant guidelines contained in this Master Circular. Banks/NBFCs should also widely disseminate the contents of this Master Circular, including through their websites.
2 Issue of cards
2.1 Banks/NBFCs should ensure prudence while issuing credit cards and independently assess the credit risk while issuing cards to persons, especially to students and others with no independent financial means. Add-on cards i.e. those that are subsidiary to the principal card, may be issued with the clear understanding that the liability will be that of the principal cardholder.
2.2 In terms of the instructions contained in the circular DBOD.No.Leg.BC.65/09.07.005/2006-07 dated March 6, 2007, banks have been advised that in case of all categories of loans irrespective of any threshold limits, including credit card applications, banks should convey in writing the main reason/reasons which in the opinion of the bank have led to the rejection of the loan applications. It is reiterated that banks should convey in writing the main reason/reasons which have led to the rejection of the credit card applications.
2.3 As holding several credit cards enhances the total credit available to any consumer, banks/NBFCs should assess the credit limit for a credit card customer having regard to the limits enjoyed by the cardholder from other banks on the basis of self- declaration/ credit information.
2.4 The card issuing banks/NBFCs would be solely responsible for fulfillment of all KYC requirements, even where DSAs / DMAs or other agents solicit business on their behalf.
2.5 While issuing cards, the terms and conditions for issue and usage of a credit card should be mentioned in clear and simple language (preferably in English, Hindi and the local language) comprehensible to a card user. The Most Important Terms and Conditions (MITCs) termed as standard set of conditions, as given in the Annex, should be highlighted and advertised/ sent separately to the prospective customer/ customers at all the stages i.e. during marketing, at the time of application, at the acceptance stage (welcome kit) and in important subsequent communications.
3 Interest rates and other charges
3.1 Credit card dues are in the nature of non-priority sector personal loans and as such, upto June 30, 2010, banks were free to determine the rate of interest on credit card dues without reference to their BPLR and regardless of the size in terms of the Directives on Interest rates on advances. However, with the introduction of Base Rate system with effect from July 1, 2010, all categories of loans, except certain specified exemptions, should be priced only with reference to the Base Rate.
3.2 Banks are advised to be guided by the instructions on interest rate on advances, as amended from time to time, while determining the interest rate on credit card dues. Banks have also been advised that they should prescribe a ceiling rate of interest, including processing and other charges, in respect of small value personal loans and loans similar in nature. The above instructions are applicable to credit card dues also. In case, banks/ NBFCs charge interest rates which vary based on the payment/ default history of the cardholder, there should be transparency in levying of such differential interest rates. In other words, the fact that higher interest rates are being charged to the cardholder on account of his payment / default history should be made known to the cardholder. For this purpose, the banks should publicise through their website and other means, the interest rates charged to various categories of customers. Banks/NBFCs should upfront indicate to the credit card holder, the methodology of calculation of finance charges with illustrative examples, particularly in situations where a part of the amount outstanding is only paid by the customer.
3.3 Further, the banks/NBFCs have to adhere to the following guidelines relating to interest rates and other charges on credit cards:
-
Card issuers should ensure that there is no delay in dispatching bills and the customer has sufficient number of days (at least one fortnight) for making payment before the interest starts getting charged. In order to obviate frequent complaints of delayed billing, the credit card issuing bank/NBFC may consider providing bills and statements of accounts online, with suitable security measures. Banks/ NBFCs could also consider putting in place a mechanism to ensure that the customer’s acknowledgement is obtained for receipt of the monthly statement.
-
Card issuers should quote Annualized Percentage Rates (APR) on card products (separately for retail purchase and for cash advance, if different). The method of calculation of APR should be given with a couple of examples for better comprehension. The APR charged and the annual fee should be shown with equal prominence. The late payment charges, including the method of calculation of such charges and the number of days, should be prominently indicated. The manner in which the outstanding unpaid amount will be included for calculation of interest should also be specifically shown with prominence in all monthly statements. Even where the minimum amount indicated to keep the card valid has been paid, it should be indicated in bold letters that the interest will be charged on the amount due after the due date of payment. These aspects may be shown in the Welcome Kit in addition to being shown in the monthly statement. A legend/notice to the effect that “Making only the minimum payment every month would result in the repayment stretching over years with
consequent interest payment on your outstanding balance" should be prominently displayed in all the monthly statements so as to caution the customers about the pitfalls in paying only the minimum amount due.
-
Banks/NBFCs should step up their efforts on educating the cardholders of the implications of paying only ‘the minimum amount due’. The “Most Important Terms and Conditions” should specifically explain that the ‘free credit period’ is lost if any balance of the previous month’s bill is outstanding. For this purpose, banks/ NBFCs could work out illustrative examples and include the same in the Welcome Kit sent to the cardholders as also place it on their website.
-
The banks /NBFCs should not levy any charge that was not explicitly indicated to the credit card holder at the time of issue of the card and without getting his / her consent. However, this would not be applicable to charges like service taxes, etc. which may subsequently be levied by the Government or any other statutory authority.
-
The terms and conditions for payment of credit card dues, including the minimum payment due, should be stipulated so as to ensure that there is no negative amortization.
-
Changes in charges (other than interest) may be made only with prospective effect giving notice of at least one month. If a credit card holder desires to surrender his credit card on account of any change in credit card charges to his disadvantage, he may be permitted to do so without the bank levying any extra charge for such closure. Any request for closure of a credit card has to be honoured immediately by the credit card issuer, subject to full settlement of dues by the cardholder.
-
There should be transparency (without any hidden charges) in issuing credit cards free of charge during the first year.
4. Wrongful billing
The card issuing bank/NBFC should ensure that wrong bills are not raised and issued to customers. In case, a customer protests any bill, the bank/ NBFC should provide explanation and, if necessary, documentary evidence may also be provided to the customer within a maximum period of sixty days with a spirit to amicably redress the grievances.
5 Use of Direct Sales Agent (DSAs) / Direct Marketing Agents (DMAs) and other agents
5.1. When banks /NBFCs outsource the various credit card operations, they have to be extremely careful that the appointment of such service providers does not compromise with the quality of the customer service and the banks'/NBFCs' ability to manage credit, liquidity and operational risks. In the choice of the service provider, the banks/NBFCs have to be guided by the need to ensure confidentiality of the customer’s records, respect customer privacy, and adhere to fair practices in debt collection.
5.2 In terms of the BCSBI’s Code of Bank’s Commitment to Customers, banks which have subscribed to the Code are required to prescribe a Code of Conduct for their DSAs whose services are engaged by banks for marketing their products/services. Banks should ensure that the DSAs engaged by them for marketing their credit card products scrupulously adhere to the Code of Conduct for Credit Card operations of the banks/NBFCs which should be displayed on the website of individual bank/NBFC and be available easily to any credit card holder.
5.3 The bank/NBFC should have a system of random checks and mystery shopping to ensure that their agents have been properly briefed and trained in order to handle with care and caution their responsibilities, particularly in the aspects included in these guidelines like soliciting customers, hours for calling, privacy of customer information, conveying the correct terms and conditions of the product on offer, etc.
6. Protection of Customer Rights
Customer’s rights in relation to credit card operations primarily relate to personal privacy, clarity relating to rights and obligations, preservation of customer records, maintaining confidentiality of customer information and fair practices in debt collection. The card issuing bank/NBFC would be responsible as the principal for all acts of omission or commission of their agents (DSAs / DMAs and recovery agents).
6.1 Right to privacy
-
Unsolicited cards should not be issued. In case, an unsolicited card is issued and activated without the written consent of the recipient and the latter is billed for the same, the card issuing bank shall not only reverse the charges forthwith, but also pay a penalty without demur to the recipient amounting to twice the value of the charges reversed.
-
In addition, the person in whose name the card is issued can also approach the Banking Ombudsman who would determine the amount of compensation payable by the bank to the recipient of the unsolicited card as per the provisions of the Banking Ombudsman Scheme 2006, i.e., for loss of complainant’s time, expenses incurred, harassment and mental anguish suffered by him.
-
There have been instances where unsolicited cards issued have been misused before reaching the person in whose name these have been issued. It is clarified that any loss arising out of misuse of such unsolicited cards will be the responsibility of the card issuing bank/NBFC only and the person in whose name the card has been issued cannot be held responsible for the same.
-
The consent for the cards issued or the other products offered along with the card has to be explicit and should not be implied. In other words, the written consent of the applicant would be required before issuing a credit card.
-
Unsolicited loans or other credit facilities should not be offered to the credit card customers. In case an unsolicited credit facility is extended without the consent of the recipient and the latter objects to the same, the credit sanctioning bank/NBFC shall not only withdraw the credit limit, but also be liable to pay such penalty as may be considered appropriate.
-
The card issuing bank/NBFC should not unilaterally upgrade credit cards and enhance credit limits. Prior consent of the borrower should invariably be taken whenever there are any change/s in terms and conditions.
-
Banks may ensure that they engage telemarketers who comply with directions/regulations on the subject issued by the Telecom Regulatory Authority of India (TRAI) from time to time.
6.2 Customer confidentiality
-
The card issuing bank/NBFC should not reveal any information relating to customers obtained at the time of opening the account or issuing the credit card to any other person or organization without obtaining their specific consent, as regards the purpose/s for which the information will be used and the organizations with whom the information will be shared. Instances have come to light where banks, as part of the MITCs, obtain the consent of the customer for sharing the information furnished by him while applying for the credit card, with other agencies. Banks should give the customer the option to decide as to whether he is agreeable for the bank sharing with other agencies the information furnished by him at the time of applying for credit card. The application form for credit card may be suitably modified to explicitly provide for the same. Further, in case where the customers gives his consent for the bank sharing the information with other agencies, banks should explicitly state and explain clearly to the customer the full meaning/ implications of the disclosure clause. Banks/NBFCs should satisfy themselves, based on specific legal advice, that the information being sought from them is not of such nature as will violate the provisions of the laws relating to secrecy in the transactions. Banks/NBFCs would be solely responsible for the correctness or otherwise of the data provided for the purpose.
-
In case of providing information relating to credit history / repayment record of the card holder to a credit information company (specifically authorized by RBI), the bank/NBFC may explicitly bring to the notice of the customer that such information is being provided in terms of the Credit Information Companies (Regulation) Act, 2005.
-
Before reporting default status of a credit card holder to a Credit Information Company which has obtained Certificate of Registration from RBI and of which the bank / NBFC is a member, banks/NBFCs should ensure that they adhere to a procedure, duly approved by their Board, including issuing of sufficient notice to such card holder about the intention to report him/ her as defaulter to the Credit Information Company. The procedure should also cover the notice period for such reporting as also the period within which such report will be withdrawn in the event the customer settles his dues after having been reported as defaulter. Banks /NBFCs should be particularly careful in the case of cards where there are pending disputes. The disclosure/ release of information, particularly about the default, should be made only after the dispute is settled as far as possible. In all cases, a well laid down procedure should be transparently followed. These procedures should also be transparently made known as part of MITCs.
-
The disclosure to the DSAs / recovery agents should also be limited to the extent that will enable them to discharge their duties. Personal information provided by the card holder but not required for recovery purposes should not be released by the card issuing bank/NBFC. The card issuing bank /NBFCs should ensure that the DSAs / DMAs do not transfer or misuse any customer information during marketing of credit card products.
6.3 Fair Practices in debt collection
-
In the matter of recovery of dues, banks should ensure that they, as also their agents, adhere to the extant instructions on Fair Practice Code for lenders (circular DBOD.Leg.No.BC.104/09.07.007/2002-03 dated May 5, 2003) as also BCSBI’s Code of Bank’s Commitment to Customers(those banks which have subscribed to the BCSBI Code). In case banks have their own code for collection of dues, they should, at the minimum, incorporate all the terms of BCSBI’s Code referred above.
-
In particular, in regard to appointment of third party agencies for debt collection, it is essential that such agents refrain from action that could damage the integrity and reputation of the bank/NBFC and that they observe strict customer confidentiality. All letters issued by recovery agents must contain the name and address of a responsible senior officer of the card issuing bank whom the customer can contact at his location.
-
Banks /NBFCs / their agents should not resort to intimidation or harassment of any kind, either verbal or physical, against any person in their debt collection efforts, including acts intended to humiliate publicly or intrude the privacy of the credit card holders’ family members, referees and friends, making threatening and anonymous calls or making false and misleading representations.
-
The banks should also ensure to comply with the guidelines in respect of engagement of recovery agents (circular No. DBOD. No. Leg. BC.75 /09.07.005/2007-08 dated April 24, 2008) issued by RBI. These guidelines inter-alia cover aspects relating to i) engagement of Recovery Agents including verification of antecedents of their employees by agents, (ii) incentives to recovery agents – banks to ensure that contracts with the recovery agents do not induce adoption of uncivilized, unlawful and questionable behaviour or recovery process, (iii) methods followed by recovery agents, (iv) training to recovery agents, (v) taking possession of property mortgaged /hypothecated to banks, (vi) use of forum of Lok Adalats, (vii) complaints against the bank/recovery agents, and (viii) periodical review of the recovery agents’ mechanism.
6.4 Insurance cover to cardholders
In cases where the banks are offering any insurance cover to their credit card holders, in tie-up with insurance companies, the banks may consider obtaining in writing from the credit card holders the details of nominee/s for the insurance cover in respect of accidental death and disablement benefits. Banks may ensure that the relevant nomination details are recorded by the Insurance Company. Banks may also consider issuing a letter to the credit card holder indicating the details regarding the name, address and telephone number of the Insurance Company which will handle the claims relating to the insurance cover.
7 Redressal of Grievances
7.1 Generally, a time limit of 60 (sixty) days may be given to the customers for preferring their complaints / grievances.
7.2 The card issuing bank /NBFC should constitute Grievance Redressal machinery within the bank/NBFC and give wide publicity about it through electronic and print media. The name and contact number of designated grievance redressal officer of the bank /NBFC should be mentioned on the credit card bills. The designated officer should ensure that genuine grievances of credit card subscribers are redressed promptly without involving delay.
7.3 Banks/NBFCs should ensure that their call centre staff is trained adequately to competently handle all customer complaints.
7.4 Banks/NBFCs should also have a mechanism to escalate automatically unresolved complaints from a call center to higher authorities and the details of such mechanism should be put in public domain through their website.
7.5 The grievance redressal procedure of the bank/NBFC and the time frame fixed for responding to the complaints should be placed on the bank's website. The name, designation, address and contact number of important executives as well as the Grievance Redressal Officer of the bank/NBFC may be displayed on the website. There should be a system of acknowledging customers' complaints for follow up, such as complaint number / docket number, even if the complaints are received on phone.
7.6 If a complainant does not get satisfactory response from the bank/NBFC which is a subsidiary of a bank within a maximum period of thirty (30) days from the date of his lodging the complaint, he will have the option to approach the Office of the concerned Banking Ombudsman for redressal of his grievance/s. The bank/NBFC, which is a subsidiary of a bank shall be liable to compensate the complainant for the loss of his time, expenses, financial loss as well as for the harassment and mental anguish suffered by him for the fault of the bank and where the grievance has not been redressed in time.
8 Internal control and monitoring systems
With a view to ensuring that the quality of customer service is ensured on an on-going basis in banks/NBFCs, the Standing Committee on Customer Service in each bank/NBFC should review the credit card operations including reports of defaulters to a Credit Information Company which has obtained Certificate of Registration from RBI and of which the bank / NBFC is a member and credit card related complaints on a monthly basis and take measures to improve the services and ensure the orderly growth in the credit card operations. Banks should put up detailed quarterly analysis of credit card related complaints to their Top Management. Card issuing banks should have in place a suitable monitoring mechanism to randomly check the genuineness of merchant transactions. Banks should prepare and place before their Boards/Management Committee a comprehensive Review Report on credit card business on half-yearly basis as at the end of September and March of each accounting year, which should cover essential data on credit card business, such as category and number of cards issued and outstanding, number of active cards, average turnover per card, number of establishments covered, average time taken for recovery of dues from the card holders, debts classified as NPAs and provisions held there-against or amounts written off, details of frauds on credit cards, steps taken to recover the dues, profitability analysis of the business, etc.
9 Fraud Control
9.1 Banks/NBFCs should set up internal control systems to combat frauds and actively participate in fraud prevention committees/ task forces which formulate laws to prevent frauds and take proactive fraud control and enforcement measures.
9.2 With a view to reducing the instances of misuse of lost/stolen cards, it is recommended to banks/NBFCs that they may consider issuing (i) cards with photographs of the cardholder (ii) cards with PIN and (iii) signature laminated cards or any other advanced methods that may evolve from time to time.
9.3 In terms of instructions issued by Department of Payment and Settlement Systems, Reserve Bank of India on security issues and risk mitigation measures, as amended from time to time, banks have been advised to put in place a system of providing for additional authentication/ validation based on information not visible on the cards. The same has been extended to Mail order Transactions Order (MOTO) transactions, which are also a subset of the card-not present transactions. Further, banks have been advised to take steps to put in place a system of online alerts for all types of transactions irrespective of the amount, involving the usage of cards at various channels. Banks have also been advised to put in place various security and risk mitigation measures for electronic payment transactions, in terms of guidelines issued by DPSS from time to time.
9.4 Banks are advised to block a lost card immediately on being informed by the customer and formalities, if any, including lodging of FIR can follow within a reasonable period.
9.5 Banks may consider introducing, at the option of the customers, an insurance cover to take care of the liabilities arising out of lost cards. In other words, only those cardholders who are ready to bear the cost of the premium should be provided an appropriate insurance cover in respect of lost cards.
10 Right to impose penalty
Reserve Bank of India reserves the right to impose any penalty on a bank/NBFC under the provisions of the Banking Regulation Act, 1949/the Reserve Bank of India Act, 1934, respectively for violation of any of these guidelines.
II Issue of Debit Cards by banks
1 Introduction
Debit cards were issued by banks in terms of the guidelines contained in circular DBOD.No.FSC.BC.123/24.01.019/99-2000 dated November 12, 1999, and subsequent amendments and mail box clarifications. After enactment of the Payment and Settlement Systems Act, 2007(PSSA), Department of Payment and Settlement Systems (DPSS) of the Reserve Bank of India, has also issued instructions on some aspects of debit cards such as security and risk mitigation, transfer of funds between domestic debit, prepaid and credit cards, and merchant discount rates. In view of the above, and in supersession of previous instructions, comprehensive guidelines on debit cards were issued.
In terms of the revised guidelines, banks may ensure to issue debit cards, including co-branded debit cards, without seeking prior approval of the Reserve Bank, subject to the following:
2 Board approved policy
Banks may formulate a comprehensive debit cards issuance policy including policy on co-branded debit cards with the approval of their Boards and issue debit cards to their customers in accordance with this policy. Debit cards should be issued to customers having Saving Bank/Current Accounts but not to cash credit/ loan account holders.
3 Types of debit cards
Banks may issue only online debit cards including co-branded debit cards where there is an immediate debit to the customers’ account, and where straight through processing is involved.
4 Offline debit cards
Banks are not permitted to issue offline-debit cards. Banks which have been issuing offline debit cards were advised to conduct a review of their offline debit card operations and discontinue operations of such cards within a period of six months from December 12, 2012. Banks may, however, ensure that customers are duly informed regarding switching over to online debit cards. The review and confirmation regarding discontinuation of issue and operations of offline debit cards should be sent to the Chief General Manager, Department of Banking Operations and Development, Central Office Building, Shahid Bhagat Singh Marg, Mumbai 400001. However, till such time as offline cards are phased out, the outstanding balances / unspent balances stored on the cards shall be subject to computation of reserve requirements.
5 Compliance with Know Your Customer (KYC) Norms / Anti-Money Laundering (AML) Standards / Combating of Financing of Terrorism (CFT) / Obligation of banks under PMLA, 2002
The instructions/ guidelines on KYC/AML/ CFT applicable to banks, issued by RBI from time to time, may be adhered to in respect of all cards issued, including co-branded debit cards.
6 Payment of interest on balances
Payment of interest should be in accordance with interest rate directives as issued from time to time.
7 Terms and conditions for issue of cards to customers
i) No bank shall dispatch a card to a customer unsolicited, except in the case where the card is a replacement for a card already held by the customer.
ii) The relationship between the bank and the card holder shall be contractual.
iii) Each bank shall make available to the cardholders in writing, a set of contractual terms and conditions governing the issue and use of such a card. These terms shall maintain a fair balance between the interests of the parties concerned.
iv) The terms shall be expressed clearly.
v) The terms shall specify the basis of any charges, but not necessarily the amount of charges at any point of time.
vi) The terms shall specify the period within which the cardholder’s account would normally be debited.
vii) The terms may be altered by the bank, but sufficient notice of the change shall be given to the cardholder to enable him to withdraw if he so chooses. A period shall be specified after which time the cardholder would be deemed to have accepted the terms if he had not withdrawn during the specified period.
viii) (a) The terms shall put the cardholder under an obligation to take all appropriate steps to keep safe the card and the means (such as PIN or code) which enable it to be used.
(b) The terms shall put the cardholder under an obligation not to record the PIN or code, in any form that would be intelligible or otherwise accessible to any third party if access is gained to such a record, either honestly or dishonestly.
(c) The terms shall put the cardholder under an obligation to notify the bank immediately after becoming aware:
- of the loss or theft or copying of the card or the means which enable it to be used;
- of the recording on the cardholder’s account of any unauthorised transaction;
- of any error or other irregularity in the maintaining of that account by the bank.
(d) The terms shall specify a contact point to which such notification can be made. Such notification can be made at any time of the day or night.
ix) The terms shall specify that the bank shall exercise care when issuing PINs or codes and shall be under an obligation not to disclose the cardholder’s PIN or code, except to the cardholders.
x) The terms shall specify that the bank shall be responsible for direct losses incurred by a cardholder due to a system malfunction directly within the bank’s control. However, the bank shall not be held liable for any loss caused by a technical breakdown of the payment system if the breakdown of the system was recognizable for the cardholder by a message on the display of the device or otherwise known. The responsibility of the bank for the non-execution or defective execution of the transaction is limited to the principal sum and the loss of interest subject to the provisions of the law governing the terms.
8 Cash withdrawals
No cash transactions through the debit cards should be offered at the Point of Sale under any facility without prior authorization of Reserve Bank of India under Section 23 of the Banking Regulation Act, 1949.
9 Security and other aspects
i) The bank shall ensure full security of the debit card. The security of the debit card shall be the responsibility of the bank and the losses incurred by any party on account of breach of security or failure of the security mechanism shall be borne by the bank.
ii) Banks shall keep for a sufficient period of time, internal records to enable operations to be traced and errors to be rectified (taking into account the law of limitation for the time barred cases).
iii) The cardholder shall be provided with a written record of the transaction after he has completed it, either immediately in the form of receipt or within a reasonable period of time in another form such as the customary bank statement.
iv) The cardholder shall bear the loss sustained up to the time of notification to the bank of any loss, theft or copying of the card but only up to a certain limit (of fixed amount or a percentage of the transaction agreed upon in advance between the cardholder and the bank), except where the cardholder acted fraudulently, knowingly or with extreme negligence.
v) Each bank shall provide means whereby his customers may at any time of the day or night notify the loss, theft or copying of their payment devices.
vi) On receipt of notification of the loss, theft or copying of the card, the bank shall take all action open to it to stop any further use of the card.
vii) With a view to reducing the instances of misuse of lost/stolen cards, banks may consider issuing cards with photographs of the cardholder or any other advanced methods that may evolve from time to time.
10 Compliance with DPSS instructions
The issue of debit cards as a payment mechanism would also be subject to relevant guidelines including guidelines on security issues and risk mitigation measures, card-to-card fund transfers, merchant discount rates structure, failed ATM transactions, etc, issued by the Department of Payment and Settlement Systems under the Payment and Settlement Systems Act, 2007, as amended from time to time.
11 Issue of International Debit Card
Issue of international debit cards will also be subject to directions issued under Foreign Exchange Management Act, 1999, as amended from time to time.
12 Review of operations
The banks should undertake review of their operations/issue of debit cards on half-yearly basis. The review may include, inter-alia, card usage analysis including cards not used for long durations due to their inherent risks.
13 Reporting requirements
The report on the operations of smart/debit cards issued by banks required to be submitted on a half yearly basis to the Department of Payment and Settlement Systems (DPSS) with a copy to the concerned Regional Office of Department of Banking Supervision in whose jurisdiction the Head Office of the bank is situated, as prescribed in paragraph 14.1 of the Master Circular on Para Banking Activities is discontinued with immediate effect.
14 Redressal of grievances
Banks may ensure to put in place an effective mechanism for redressal of customer complaints. The grievance redressal procedure of the bank and the time frame fixed for responding to the complaints should be placed on the bank's website. The name, designation, address and contact number of important executives as well as the Grievance Redressal Officer of the bank may be displayed on the website. There should be a system of acknowledging customers' complaints for follow up, such as complaint number / docket number, even if the complaints are received on phone. If a complainant does not get satisfactory response from the bank within a maximum period of thirty (30) days from the date of his lodging the complaint, he will have the option to approach the Office of the concerned Banking Ombudsman for redressal of his grievance/s. DPSS guidelines on timeframe for reconciliation of failed transactions at ATMs as amended from time to time should be complied with in this regard.
15 Co-branding arrangement
Co-branded debit cards issued by banks will be subject to the following terms and conditions, in addition to the above:
-
Board approved policy
The co-branding arrangement should be as per the Board approved policy of the bank. The policy may specifically address issues pertaining to the various risks associated with such an arrangement including reputation risk and put in place suitable risk mitigation measures.
-
Due diligence
Banks should carry out due diligence in respect of the non-banking entity with which they intend to enter into tie-up for issue of such cards to protect themselves against the reputation risk they are exposed to in such an arrangement. Banks may ensure that in cases where the proposed co-branding partner is a financial entity, it has obtained necessary approvals from its regulator for entering into the co-branding agreement.
-
Outsourcing of activities
The card issuing bank would be liable for all acts of the co-branding partner. The bank may ensure adherence to the guidelines on “Managing Risks and Code of Conduct in outsourcing of financial services by banks” as contained in the circular DBOD.No.BP.40/21.04.158/2006-07 dated November 3, 2006, as amended from time to time.
-
Role of non-bank entity
The role of the non-bank entity under the tie-up arrangement should be limited to marketing/ distribution of the cards or providing access to the cardholder for the goods/services that are offered.
-
Confidentiality of customer information
The card issuing bank should not reveal any information relating to customers obtained at the time of opening the account or issuing the card and the co-branding non-banking entity should not be permitted to access any details of customer’s accounts that may violate bank’s secrecy obligations.
Banks, which were granted specific approvals for issue of co-branded debit cards in the past, were advised to ensure that the co-branding arrangement is in conformity with the instructions mentioned above. In case, the co-branding arrangement is between two banks, the card issuing bank may ensure compliance with the above conditions.
16 Unsolicited Commercial Communication
As stated in paragraph I 6.1(g), banks may ensure that they engage telemarketers who comply with directions/ regulations issued by the Telecom Regulatory Authority of India (TRAI) from time to time.
III Issuance of rupee denominated co-branded pre-paid cards
1 Introduction
Banks were permitted to issue smart cards subject to the instructions contained in our circulars DBOD.No.FSC.BC.123/24.01.019/99-2000 dated November 12, 1999, DBOD. No.FSC.BC.133/ 24.01.019/2000-01 dated June 18, 2001 and DBOD.No.FSC.BC.88/24.01.019/2001-02 dated April 11, 2002. While foreign currency denominated pre-paid cards, including co-branding arrangements, if any, can be issued subject to the guidelines issued under Foreign Exchange Management Act, 1999, as amended from time to time, issue of rupee denominated pre-paid payment instruments is subject to the stipulations contained in the Notification on the Issuance and Operation of Pre-paid Payment Instruments in India (Reserve Bank) Directions, 2009 by Department of Payment and Settlement Systems (DPSS) of the Reserve Bank of India, under the Payment and Settlement Systems Act, 2007, vide circular DPSS.CO.PD.No.1873/02.14.06/2008-09 dated April 27, 2009, as amended from time to time. In terms of paragraph 6 of circular DPSS.CO.No.1041/02.14.006/ 2010-2011 dated November 04, 2010, banks/NBFCs/other persons desirous of issuing such co-branded pre-paid instruments may seek one time approval from Reserve Bank of India.
Accordingly, in supersession of the earlier guidelines on issue of smart cards, it was decided to grant general permission to banks to issue rupee denominated co-branded pre-paid cards in India, subject to the following terms and conditions:
2 Board approved policy
The co-branding arrangement should be as per the Board approved policy of the bank. The policy may specifically address issues pertaining to the various risks associated with such an arrangement including reputation risk and put in place suitable risk mitigation measures.
3 Due diligence
Banks should carry out due diligence in respect of the non-banking entity with which they intend to enter into tie-up for issue of such cards to protect themselves against the reputation risk they are exposed to in such an arrangement. In case of proposed tie up with a financial entity, they may ensure that that entity has the approval of its regulator for entering into such arrangement.
4 Outsourcing of activities
The card issuing bank would be liable for all acts of the co-branding partner. The bank may ensure adherence to the guidelines on “Managing Risks and Code of Conduct in outsourcing of financial services by banks” as contained in the circular DBOD.No.BP.40/21.04.158/2006-07 dated November 3, 2006, as amended from time to time.
5 Role of non-bank entity
The role of the non-bank entity under the tie-up arrangement should be limited to marketing/ distribution of the cards or providing access to the cardholder for the goods/services that are offered.
6 Compliance with Know Your Customer (KYC) Norms / Anti-Money Laundering (AML) Standards / Combating of Financing of Terrorism (CFT) / Obligation of banks under PMLA, 2002
The instructions/ guidelines on KYC/AML/ CFT applicable to banks, issued by RBI from time to time, should be adhered to, in respect of all cards issued under the co-branding arrangement.
7 Confidentiality of customer information
The card issuing bank should not reveal any information relating to customers obtained at the time of opening the account or issuing the card and the co-branding non-banking entity should not be permitted to access any details of customer’s accounts that may violate bank’s secrecy obligations.
8 Payment of interest
As hitherto, no interest may be paid on the balances transferred to pre-paid payment cards.
9 Compliance with DPSS Guidelines on Issue and Operation of pre-paid instruments in India
The arrangement will be subject to adherence/ compliance with instructions issued by DPSS from time to time on issue and operation of pre-paid instruments, which includes pre-paid cards, in India.
Banks, which were granted specific approvals for issue of rupee denominated co-branded pre-paid cards in the past, are advised to ensure that the co-branding arrangement is in conformity with the instructions mentioned above. In case, the co-branding arrangement is between two banks, the card issuing bank may ensure compliance with the above conditions.
10 Unsolicited Commercial Communication
As stated in paragraph I 6.1(g), banks may ensure that they engage telemarketers who comply with directions/ regulations issued by the Telecom Regulatory Authority of India (TRAI) from time to time.
ANNEX
1. Most Important Terms and Conditions (MITCs)
(a) Fees and Charges
-
Joining fees for primary card holder and for add-on card holder
-
Annual membership fees for primary and add-on card holder
-
Cash advance fee
-
Service charges levied for certain transactions
-
Interest free (grace) period - illustrated with examples
-
Finance charges for both revolving credit and cash advances
-
Overdue interest charges - to be given on monthly & annualised basis
-
Charges in case of default
(b) Drawal limits
-
Credit limit
-
Available credit limit
-
Cash withdrawal limit
(c) Billing
-
Billing statements—periodicity and mode of sending
-
Minimum amount payable
-
Method of payment
-
Billing disputes resolution
-
Contact particulars of 24 hour call centers of card issuer
-
Grievances redressal escalation—contact particulars of officers to be contacted
-
Complete postal address of card issuing bank
-
Toll free number for customer care services
(d) Default and circumstances
-
Procedure including notice period for reporting a card holder as defaulter
-
Procedure for withdrawal of default report and the period within which the default report would be withdrawn after settlement of dues
-
Recovery procedure in case of default
-
Recovery of dues in case of death/ permanent incapacitance of cardholder
-
Available insurance cover for card holder and date of activation of policy
(e) Termination / revocation of card membership
- Procedure for surrender of card by card holder - due notice
(f) Loss/theft/misuse of card
-
Procedure to be followed in case of loss/ theft/ misuse of card-mode of intimation to card issuer
-
Liability of card holder in case of (i) above
(g) Disclosure
Type of information relating to card holder to be disclosed with and without approval of card holder
2. Disclosure of MITCs - Items to be disclosed in stages :
-
During marketing - Item no: a
-
At application - Item nos:all items from a to g
-
Welcome Kit - Item nos: all items from a to g
-
On billing - Item nos: a, b and c,
-
On an ongoing basis, any change of the terms and conditions
Note :
APPENDIX
List of Circulars consolidated by the Master Circular
No |
Circular No. |
Date |
Subject |
1 |
DPSS(CO)PD.No.1462/ 02.14.003/ 2012-13 |
February 28, 2013 |
Security and risk mitigation measures for electronic payment transactions |
2 |
DBOD.No.FSD.BC.67/24.01.019/ 2012-13 |
December 12, 2012 |
Issuance of rupee denominated co-branded pre-paid cards |
3 |
DBOD.No.FSD.BC.66/24.01.019/ 2012-13 |
December 12, 2012 |
Guidelines for issue of debit cards by banks |
4 |
DPSS.PD.CO.No.223/02.14.003/2011-2012 |
August 04, 2011 |
Security Issues and Risk Mitigation Measures related to Card Not Present (CNP) Transactions |
5 |
DPSS.CO.PD.2224/02.14.003/
2010-11 |
March 29, 2011 |
Security Issues and Risk Mitigation Measures - Online Alerts to the Cardholder for Usage of Credit / Debit Cards. |
6 |
DPSS.CO.No.1503/02.14.003/
2010-11 |
December 31, 2010 |
Security Issues and Risk Mitigation Measures related to Card Not Present Transactions |
7 |
DBOD.FSD.BC.No.25/24.01.011/
2010-11 |
July 9, 2010 |
Credit Card Operations of Banks |
8 |
DPSS.No.1501/02.14.003/
2008-2009 |
February 18, 2009 |
Credit/ Debit Card Transactions – Security Issues and Risk Mitigation Measures |
9 |
DBOD.No.FSD.BC.45/24.01.011/
2008-09 |
September 17, 2008 |
Unsolicited Commercial Communications -
National Do Not Call (NDNC) Registry |
10 |
DBOD.FSD.BC.23/24.01.01/2008- 09 |
July 23, 2008 |
Credit Card Operations of
Banks |
11 |
DBOD.No.Leg.BC.75/09.07.005/2007-08 |
April 24, 2008 |
Recovery Agents engaged by banks |
12 |
DBOD.FSD.BC.35/24.01.011/
2007-08 |
October 19, 2007 |
Unsolicited Commercial
Communications –National
Do Not Call Registry |
13 |
DBOD.FSD.BC.19/24.01 .011/ 2007-08 |
July 3, 2007 |
Unsolicited Commercial
Communications – National
Do Not Call Registry |
14 |
DBOD.No.Dir.BC.93/13.03.00/
2006-07 |
May 7, 2007 |
Complaints about excessive interest charged by banks |
15 |
DBOD. No. Leg. BC.65/09.07.005/2006- 07 |
March 06, 2007 |
Guidelines on Fair Practices Code for Lenders |
16 |
DBOD. FSD. BC. No. 49/ 24.01.011/ 2005-06 |
November 21, 2005 |
Credit Card Operations by banks |
17 |
DBOD.Leg.BC.104/09.07.007/
2002-03 |
May 5, 2003 |
Guidelines on Fair
Practice Codes for
Lenders |
18 |
DBOD.No.FSC.BC.120/24.01.011/2000- 01 |
May 12, 2001 |
Credit Card Business of
Banks |
19 |
DBOD.No.FSC.BC.41/24.01.011/2000- 01 |
October 30, 2000 |
Issue of Credit/Debit Cards by banks |
20 |
DBOD.No.FSC.BC.50/24.01.011/98 |
June 2, 1998 |
Entry of banks into domestic credit card business |
21 |
DBOD.No.FSC.BC.152/24.01.01/97-98 |
December 9, 1997 |
Domestic credit card business of banks |
22 |
DBOD.No.FSC.BC.47/C.469-90/91 |
November 7, 1990 |
Entry of banks into domestic credit card business |
23 |
DBOD,No.BP(FSC).BC.144/C.469-89 |
June 30, 1989 |
Entry of banks into domestic credit card business |
|