
The Reserve Bank of India (RBI) has introduced a draft framework aimed at enhancing the security of digital payment transactions. This initiative comes as part of the RBI’s ongoing efforts to leverage technological advancements and streamline the authentication process for digital payments.
The draft framework proposes the implementation of various alternative authentication mechanisms beyond the currently prevalent SMS-based One-Time Password (OTP). The aim is to allow the payments ecosystem to utilize advanced technological solutions for securing transactions. All payment system providers and participants must comply with the new framework within three months of its issuance, as mandated under the Payment and Settlement Systems (PSS) Act, 2007.
Several key principles are outlined in the framework to ensure robust and secure authentication processes. Digital payment transactions must include an additional factor of authentication (AFA) unless exempted by specific provisions. In addition, one of the authentication factors must be dynamically generated, ensuring it is transaction-specific and cannot be reused.
Issuers are encouraged to adopt a risk-based approach to determine the appropriate authentication factors based on the transaction’s risk profile, the customer, and other parameters.
Certain transactions, including small-value contactless card payments up to ₹5000, recurring transactions under specified limits, specific prepaid instruments, and small-value offline digital payments, are exempt from the AFA requirement.