RBI Unveils New Authentication Framework for Digital Payments in India

The Reserve Bank of India (RBI) is taking significant strides to bolster the security of digital payments. Announcing in February 2024, the central bank unveiled a new framework aiming to modernize authentication mechanisms used nationwide.

Effective April 1, 2026, all payment system providers and participants, including banks and non-bank entities, are required to implement this new framework. Current reliance on SMS-based One Time Passwords (OTP) will transition to a more secure, dual-factor authentication system, with at least one dynamic factor per transaction to thwart fraud and unauthorized access.

These regulations extend to domestic digital transactions and specific provisions for cross-border card-not-present transactions. Card issuers must ensure mechanisms are secured by October 2026 globally. The RBI's risk-based approach includes evaluating transaction behavior, location, and context to enhance security. Aligning with the Digital Personal Data Protection Act, issuers bear full responsibility for losses due to non-compliance, aiming to fortify trust in the digital payment ecosystem.

(With inputs from agencies.)