RBI issues new guidelines for digital payment security, check details here
The Reserve Bank of India (RBI) has announced that new directions concerning digital payment authentication will come into force from April 1, 2026, as per an official notification. These directions mandate that all Payment System Providers and Participants—including both banks and non-bank entities—ensure full compliance by the specified deadline, unless explicitly stated otherwise.
### Enhanced Authentication for Digital Transactions
Currently, most digital transactions in India rely on SMS-based One-Time Passwords (OTPs) as the second factor of authentication. However, due to rapid technological advancements and the increasing sophistication of cyber threats, the RBI now requires that all digital payment transactions incorporate at least two distinct authentication factors. Importantly, at least one of these factors must be dynamic—unique to each transaction—to better prevent fraud and unauthorized access.
### Scope of the New Directions
The new framework applies to all domestic digital transactions, with specific provisions for cross-border card-not-present (CNP) transactions. For international transactions where the physical card is not used, card issuers must implement appropriate verification mechanisms by October 1, 2026.
The RBI had earlier released draft directions on Alternative Authentication Mechanisms for Digital Payment Transactions on July 31, 2024, and draft directions on introducing an Additional Factor of Authentication (AFA) in cross-border CNP transactions on February 7, 2025, inviting feedback from stakeholders. Public feedback has been carefully examined and incorporated into the final directions.
### Key Highlights of the Framework
– **Encouragement of New Authentication Factors:** The framework promotes the adoption of new factors of authentication by leveraging technological advancements. However, it does not mandate discontinuing SMS-based OTPs as an authentication factor.
– **Risk-Based Checks:** Issuers are enabled to adopt additional risk-based security checks beyond the minimum two-factor authentication requirements, based on their assessment of the underlying transaction’s fraud risk.
– **Interoperability and Open Access:** The directions facilitate interoperability and open access to technology to foster a secure and flexible payments ecosystem.
– **Issuer Responsibilities:** The notification clearly delineates the responsibilities of issuers in implementing the enhanced security measures.
– **Cross-Border Transaction Validation:** Card issuers are mandated to validate the Additional Factor of Authentication in non-recurring cross-border CNP transactions whenever such a request is raised by the overseas merchant or acquirer.
These measures aim to strengthen the security of digital payments in India, protecting users and participants from evolving cyber threats while encouraging innovation in authentication technologies. Stakeholders are advised to review and align their systems to comply with these upcoming regulatory requirements ahead of the enforcement date.
https://www.mid-day.com/news/india-news/article/rbi-issues-new-guidelines-for-digital-payment-security-in-india-check-complete-details-here-23595755
You may also like
Leave a Reply