I understand what you’re saying. But I’ve seen many int websites whose payment goes through OTP authentication. I think it depends on the payment gateway, i.e. if it’s 3D secure or 2D secure.
@Vipul_Mehta Can you confirm if this can be disabled from the bank end? If the user gets an option to enable/disable those transactions, it’ll be great.
I don’t see how authentication without OTP is a bug and not a feature.
A lot of banks implement this OTP auth and because of that, all recurring charges like Netflix, iTunes, etc. will simply fail to go through and require a manual intervention, which is very annoying.
The simple way to secure it is to limit the transaction amount to let’s say 2k.
The way this “insecure” system works in the US is that the onus for fraud detection lies with the bank, and you can get fraudulent charges reversed, no questions asked.
One amazing way this could be handled is virtual cards like this https://privacy.com/
The best way to implement would be to ask for OTP the first time, and consider that as a mandate for recurring charges, though not sure about the technical and regulatory issues @Jiten
That is not true. Recurring subscriptions work without any issues. You only have to authenticate for recurring payments the first time and not every time.
The option to enable/disable OTP specific international transactions is not possible.
If the merchant receiving the funds has not enabled the OTP route, the transactions will go through without OTP. Hence, the onus is on the merchant in case of any fraud.
Since the bank has no visibility on the merchant’s side, it cannot be provided as a user-specific setting.