Uber today announced that it has complied with the Reserve Bank of India’s requirement that every transaction made with an Indian credit card use two-factor authentication (2FA). Yet the company has done so grudgingly: While 2FA is widely seen as a security measure, Uber says it has a negative impact on businesses.
For context, two-factor verification requires you to use more than one form of verification to access an account. Typically, this information includes “knowing something” such as a password and “having something” such as a mobile device. In the case of India’s 2FA requirement, a one-time code is sent to your phone, which you then need to punch into the merchant’s payment terminal.
In its announcement, Uber calls the requirement in India an “antiquated solution that is cumbersome for consumers and stifling for businesses across India” as well as “unnecessary” and “burdensome.” While the first two claims are frankly ridiculous (2FA is hardly unnecessary, and it is definitely not antiquated), the company’s last complaint is understandable.
The company unhappily notes that the rule applies to all transactions, “no matter how small the amount,” pointing out that even short cab ride in the country can’t be as quick and efficient as everywhere else Uber offers its services. Yet India’s population is well over 1.2 billion, so even small fraudulent transactions can quickly add up.
Uber also argues that the requirement is “causing a major challenge for businesses trying to offer Indian consumers a better purchasing experience.” The company further notes that consumers prefer the old system, but “India’s one-of-a-kind 2FA requirement persists” despite the claim that it runs counter to “the face of rapidly changing business expectations.”
The good news is hidden in all these complaints. Uber does note that it has seen “a slow conversion” of riders from credit cards to a 2FA-compliant wallet, and that it is engaged in constructive discussions with the RBI. The company further adds it is talking with the Indian government “to advance regulations that support innovation and job creation.”
Uber also makes a request:
In the meantime, we would welcome an additional 45-day extension from the RBI that would give the majority of our existing riders sufficient time to transition over to a new 2FA-compliant payment system. This additional grace period not only prevents consumers from being disadvantaged but it also protects partner-drivers who rely on Uber’s riders as their sole source of income.
This seems reasonable to us. We applaud India for pushing such a requirement to boost security, but if a company says its business will be affected less if it can delay the switch by six weeks, that seems like a valid appeal.
Uber is probably particularly annoyed because it was forced to make the change: If it didn’t, the RBI would have shut it down. Furthermore, the ride-sharing service also now has one fewer differentiator when compared to local taxi companies like Ola and Meru.
Since your credit card details are saved in Uber’s app, you don’t have to fiddle around with cash when the car pulls up at your destination, meaning you can just jump out and go. This works the same way everywhere Uber operates — except in India now, where you have to go about the additional step of putting in the one-time code.