Circulars/Notifications - Payment System Department  
 PSD Circular Letter No. 02 of 2021
February 19, 2021

The Presidents/CEOs
All Banks/MFBs/PSOs/PSPs/EMIs,

Dear Sir/Madam,

Regulations for Payment Card Security


Please refer to PSD Circular No. 05 of 2016 on the captioned subject. In light of the progress made by industry on implementation of SBP’s instructions issued vide the afore-mentioned circular, it has now been decided that:

  1. In order to curtail the risk of card-skimming, existing magnetic stripe cards and fallback to magnetic stripe on EMV cards shall be blocked by Card Service Providers (CSPs) at host end. For customers travelling abroad, CSPs shall have the functionality to turn on fallback upon specific customer request. Further, CSPs shall ensure that their cardholders activate their new EMV Chip and PIN cards well before the deadline of June 30, 2021 to avoid any inconvenience.

  2. CSPs, after implementing EMVCo's 3DSecure protocol, may enable e-commerce transactions by default on their card portfolios for both local and cross-border e-commerce transactions. Accordingly, for all 3DSecure compliant CSPs, requirement of customer consent, as per clause 4.2.3. (b) of PSD Circular No. 5 of 2016 shall be considered as complied with. However, CSPs shall ensure that they fully inform their customers about the risks of using their cards for cross-border e-commerce transactions.

  3. CSPs shall provide their customers with the option to activate, enable and disable their cards using mobile banking applications and internet banking portals. Furthermore, options to enable cards for usage on various channels like ATMs, POS and e-commerce shall also be available through mobile and internet banking channels. However, the use of at least Two Factor Authentication (2FA) shall be mandatory.

  4. In order to enhance customer experience and reduce checkout time on payment counters/terminals, CSPs may relax the requirement of Multi Factor Authentication (MFA) as required vide Section 4.2. (b) of PSD Circular No. 05 of 2016 for card present transactions (including contactless payments either through a card or through mobile devices) up to Rs. 3,000 per transaction. However, CSPs shall ensure that they fully inform their customers and adequately protect them from undue liability arising out of any potential misuse of this facility.

  5. For refund payments pertaining to both card present and card not present transactions, CSPs shall immediately credit their respective customer account upon the receipt of funds.

  6. To facilitate their customers, CSPs shall provide them the facility of lodging their complaints and disputes using mobile apps and internet banking portals without the need for physically visiting their premises. For expedited investigation and resolution of complaints/disputes, CSPs shall arrange for obtaining necessary data/information from their customers digitally or through their call centers.

2. CSPs shall bring the above measures and the changes being introduced to the knowledge of their customers by running awareness campaigns on print, digital and social media. They shall also ensure that customers are fully facilitated while using their payment cards.

3. CSPs are advised to meticulously comply with the instructions contained herein by June 30, 2021. Failure to do so shall attract penal action under relevant laws and regulations.

4. Please acknowledge receipt.

Yours sincerely,


(Shoukat Bizinjo)
Additional Director
