From 1 January users will need an additional password for credit card transactions done over the phone. However, this would be a one-time password (OTP), unlike other passwords and PINs (personal identification numbers), which expires over a period of time ranging from 30 minutes to 24 hours after the conclusion of the transaction.

The move comes in the wake of an RBI directive issued last August. Some of the banks are sending out mailers to cardholders to update them about the new six-digit code that would be required from 1 January.

Though only the CVV number and a special password can get you through with an online transaction currently, an OTP would be necessary for all Interactive Voice Response (IVR) transactions over the phone from next year.  The user's credit card number would need to be provided on an automated system for effecting payment.

Also with some banks OTP is mandatory for mobile transactions such as recharging of cellphones or direct-to home connection.

Different banks have taken different approaches issue the numbers to their customers. The larger banks like SBI-have given cardholders the option to generate the new password either over a call to the helpline number or get it online or through an SMS. The OTP is sent to the user's registered cellphone number. So users should make sure that the registered number with the card issuer is the one they are using.

Some foreign banks such as Standard Chartered insist that users generate their OTP online. For this, they would need to first punch their credit card number and then key in their online password, which was mandated last year, and the OTP would be displayed online.