
RBI issues new guidelines for digital payment security, check details here
The Reserve Bank of India (RBI) has announced new directions regarding digital payment security, which will come into force from April 1, 2026, according to an official notification. All Payment System Providers and Participants—including banks and non-bank entities—must ensure full compliance with these directions by the stipulated deadline, unless specifically stated otherwise.
### Enhanced Authentication for Digital Transactions
Currently, most digital transactions in India rely on SMS-based One-Time Passwords (OTPs) as the second factor of authentication. However, with the rapid advancement of technology and the increasing sophistication of cyber threats, the RBI now mandates that all digital payment transactions incorporate at least two distinct authentication factors. Importantly, at least one of these factors must be dynamic—unique to each transaction—to effectively prevent fraud and unauthorized access.
### Applicability of New Directions
The new directions apply to all domestic digital transactions. Additionally, there are special provisions for cross-border card-not-present (CNP) transactions. For international transactions where the physical card is not used, issuers must implement suitable verification mechanisms by October 1, 2026.
### Background and Consultation
The RBI had previously issued draft directions on Alternative Authentication Mechanisms for Digital Payment Transactions on July 31, 2024, and draft directions on introducing an Additional Factor of Authentication (AFA) in cross-border CNP transactions on February 7, 2025. These drafts were released to gather stakeholder feedback, which has been carefully reviewed and incorporated into the final directions.
### Key Highlights of the Framework
- **Encouraging Innovation:** The RBI encourages the adoption of new factors of authentication by leveraging technological advancements. However, the framework does not mandate the discontinuation of SMS-based OTPs as an authentication factor.
- **Risk-Based Authentication:** Issuers are permitted to implement additional risk-based checks beyond the minimum two-factor authentication, depending on the fraud risk perception associated with the underlying transaction.
- **Interoperability and Open Access:** The directions facilitate interoperability and open access to technology within the digital payments ecosystem.
- **Issuer Responsibilities:** The framework clearly delineates the responsibilities of card issuers.
- **Cross-Border Transactions:** Card issuers are mandated to validate the Additional Factor of Authentication (AFA) in non-recurring cross-border CNP transactions whenever such a request is made by the overseas merchant or acquirer.

These measures reflect the RBI’s commitment to strengthening the security and reliability of digital payments across India and internationally. Payment service providers and participants are urged to prepare for compliance ahead of the implementation deadlines.
https://www.mid-day.com/news/india-news/article/rbi-issues-new-guidelines-for-digital-payment-security-in-india-check-complete-details-here-23595755