…cardholders are advised to contact their banks to verify a transaction

Thukten Zangpo 

Many a time, when tourists try to pay their visa and sustainable development fee (SDF) through international payment gateway in Bhutan, the transaction fails. The tourists panic, and there is not much that can be done.

It was learnt that more than 50 percent of online transactions do not work on the international payment gateway.

Another issue, Department of Tourism (DoT) officials said, is that the tourists in the country cannot buy things or pay for hotels because of the lack of credit card infrastructure in the country.

“Some hotels insist on upfront payment from guests before they arrive due to issues,” the official said. Most retailers do not accept credit cards.

Unlike in the past, tour operators now have to request tourists to pay their SDF and visa fee, a tour operator said, adding that the online transaction success rate would be less than 30 percent.

Currently, in Bhutan, two banks—only Bank of Bhutan Limited (BoB) and Bhutan National Bank Limited (BNB)—accept the international payment gateway.

BoB accepts Visa and Mastercard and the Bank is working to integrate with American Express for international payment gateway.  BNB accepts Visa, Mastercard, Maestro, American Express, JCB card (Japan), Diner card, and Discover card.

For physical transactions from ATM and POS terminals, the BoB accepts Visa, Mastercard, Maestro, American Express, RuPay and JCB; BNBL accepts Visa and RuPay; Druk PNB accepts Mastercard, Maestro, and RuPay.

T-Bank Limited and Bhutan Development Bank Limited accept only RuPay.

Transaction failures 

According to an official from the BoB, about 90 percent of transaction failures in the international payment gateway are issuer-related; technical failures constitute only a small percentage.

He added that the issuing banks do not decline transactions by default (unless the card is not enabled for international payments); their fraud and risk management (FRM) systems may reject the transaction request if they are considered suspicious.

The official said that some of the reasons the issuing banks trigger their FRM are because of the first-time transactions, unusual transaction behaviour or patterns, uncharacteristic behaviour, transactions originating from unfamiliar countries, multiple transactions in short periods, and incorrect details including wrong 3D security credentials or OTPS (one-time password SMS).

“If the transaction does not meet the bank’s fraud and risk criteria, the issuing bank rejects the transaction,” an official said, adding that credit card fraud is a big problem in the world.

An individual bank has their own AI-powered FRM system. It is the process of identifying, understanding, and responding to fraud risks. The system ensures the cardholders are safe from fraud.

According to the BoB official, the FRM kicks in and rejects the transaction if a visitor has no history of transaction in Bhutan.

He added that tourists visiting Bhutan usually make online payment of USD 2,000. “The FRM system checks the cardholders’ patterns and habits and will block the transaction if it is out of character.”

Bhutan falls in the Asia-Pacific region, a high-risk region of credit card fraud, an official said.

He added that BoBL has updated the online payment security to 3D security version (3DS) 2.0 which is mandated by the credit card network. Other banks, he said, are still in the 3DS version 1.0.

“When there is a mismatch between the versions, the transaction fails,” he said.

3DS is a technical standard that adds a layer of security in online credit and debit card transactions. It is created by Visa and Mastercard.

Bank officials said that if the cards are repeatedly used at the ATMs and POS, the issuer banks’ FRM triggers.

The issuing bank does not know that the Bhutanese cash withdrawal terminals can dispense only Nu 15,000 at a time, he added.

The official also said that there are cases of cardholders entering the wrong PIN or of failing the OTPS verification, insufficient balance, exceeding transaction amount and expired cards.

There is also rejection from the issuing bank, especially the Indian cards, which are designed for only domestic use.

A tour operator said that most of the POS terminals are not working and that there is no proper network connectivity.

Bank officials said that the POS terminals in Bhutan do not support PIN.

BoB has about 607 POS terminals; BNB has around 100 in the country.


The GovTech is working with Royal Monetary Authority (RMA) and the banks to coordinate and assist to make the payments smooth. They also have come with interventions to resolve the issues.

If the issuing banks decline the transaction because of the banks’ FRM, the BoB official said that the cardholders are advised to contact their issuing bank to verify their transaction.

“Informing the issuing bank that it is a genuine transaction and for Bhutan, the banks will allow the transaction,” he said, adding that the BoB does not have connections with the issuing banks.

The bank has maintained its system capability, network and system infrastructure at the highest level of any developed country’s banking system, the BoB official said.

According to GovTech, cardholders are advised to contact their banks prior to their visit or transaction attempt and be sure the card is enabled for use internationally.

For Indian bank-issued cards, cardholders are advised to contact their banks and verify if the cards can be used in Bhutan.

However, an official from DoT said the cardholders are not always required to contact the banks. “Most people never have to do this when they travel or make international payments.”

To address the failures related to systems, the bank official said that the bank implemented a fall back system to accept less secure cards (3DS version 1.0 from version 2.0) at the risk of the bank’s increased fraud from October last year.

The RMA, the GovTech, and the banks also recommended SWIFT transfers for the department of immigration’s (DoI) visa payments, which are fully functional.

They added that according to the DoI requirements, a unique identifier number (UIN) generated by the DoI visa system should be presented to the bank by the tour operator.

And the identifier is tied to specific visa applications and must be displayed in the DoI account statement.

Since the bank’s core banking solution is currently unable to accommodate the full length of the UIN, DoI has been requested to shorten the UIN to a maximum of 13 characters per transfer.

There is also a recommendation to explore the direct wire transfer payment to DoI by tourists.

For POS, the PIN mandate at POS, fall back to the PIN-less transactions project is in progress.