Two-Factor Authentication Mandatory for All Digital Payments Under New RBI Framework

AhmadJunaid | J&K | September 25, 2025

SRINAGAR: The Reserve Bank of India has announced comprehensive new directions for digital payment authentication that will take effect from April 1, 2026, introducing alternative authentication mechanisms whilst maintaining mandatory two-factor authentication for all transactions. According to the Economic Times, the new framework will allow financial institutions to move beyond the current SMS-based one-time password (OTP) system whilst retaining it as an option.

The RBI’s Authentication Mechanisms for Digital Payment Transactions Directions, 2025, specify that at least one authentication factor must be dynamically created or proven, making the proof of possession unique to each transaction. Authentication factors may include passwords, SMS-based OTPs, passphrases, PINs, card hardware, software tokens, fingerprints, or other forms of biometrics, either device-native or Aadhaar-based.

Under the new rules, reported by Business Today, issuers will be able to implement risk-based checks beyond the minimum two-factor authentication, evaluating transactions against behavioural and contextual parameters such as transaction location, user behaviour patterns, device attributes, and historical transaction profiles. For high-risk transactions, the RBI suggests that issuers may explore using DigiLocker as a platform for notification and confirmation.

The directions also mandate that card issuers establish mechanisms to validate additional authentication factors in non-recurring, cross-border card-not-present transactions when requested by overseas merchants or acquirers, effective from October 1, 2026.

Significantly, the RBI has stated that if any loss arises from transactions that do not comply with these directions, the issuer must compensate the customer in full without demur.

Vishwas Patel, chair of the Payments Council of India and joint managing director of Infibeam Avenues, told Business Standard that the directions “strike an important balance between consumer security and innovation” and will enable payment players to embrace next-generation tools like biometrics, tokenisation, and contextual risk checks.


