RBI Proposes New Framework On Additional Factor Of Authentication For Digital Payments

RBI Proposes New Framework On Additional Factor Of Authentication For Digital Payments

SUMMARY

The central bank’s draft “Framework on Alternative Authentication Mechanisms for Digital Payment Transactions” aims to widen the choice of authentication factors available to payment system operators and users

The RBI has proposed that all digital payment transactions, other than card present transactions, ensure that one of the factors of authentication is created dynamically

The RBI has sought comments and feedback on the draft framework by September 15, 2024

The Reserve Bank of India (RBI) has proposed alternate methods of additional factor of authentication (AFA) for digital transactions, including PIN, passwords, cards, and biometrics such as fingerprints, among others.

The central bank’s draft “Framework on Alternative Authentication Mechanisms for Digital Payment Transactions” released on Wednesday (July 31) aims to widen the choice of authentication factors available to payment system operators and users. 

“Over the years, the Reserve Bank of India has prioritised security of digital payments, in particular the requirement of Additional Factor of Authentication (AFA) for making payments. No specific factor was mandated for authentication, but the digital payments ecosystem has primarily adopted SMS-based OTP as AFA. While OTP is working satisfactorily, technological advancements have made available alternative authentication mechanisms,” said the RBI.

An AFA requires the use of more than one factor for authentication of a payment instruction.

The release of the draft framework is in line with the central bank’s announcement in February to adopt a principle-based “Framework for authentication of digital payment transactions” for digital security.

The central bank terms any credential input by the customer that is verified for the purpose of confirming the originator of a payment instruction as the factor of authentication. These factors are broadly categorised as something the user knows (such as password, passphrase, PIN), something the user has (such as card hardware or software token), and something the user is (such as fingerprint or any other form of biometrics).

The central bank has proposed that all digital payment transactions, other than card present transactions, ensure that one of the factors of authentication is created dynamically. This means that the factor should be generated after initiation of payment, be specific to the transaction, and cannot be reused.

It said that the issuers –  bank or non-bank where the customer’s account is maintained – can decide the appropriate AFA for a transaction based on the risk profile of the customer and/ or beneficiary, transaction value, channel of origination, among others.

The following transactions will be exempted from customer authentication: 

  • Small value card present transactions for values up to INR 5,000 per transaction in contactless mode at point-of-sale (PoS) terminals. 
  • Transactions in respect of subscription to mutual funds, payment of insurance premiums, and credit card bill payments up to certain values 
  • Digital toll payments
  • Offline payment transactions up to a value of INR 500

The RBI has sought comments and feedback on the draft framework by September 15, 2024.

“All Payment System Providers and Payment System Participants (banks and non-banks) shall ensure compliance with this framework within three months from the date of issue of these directions,” the central bank said.

The development comes at a time when the number of digital transactions as well as digital frauds are on the rise in the country. A recent report by Amazon Pay said that Indian merchants process 69% of their transactions via digital payments. Meanwhile, the central bank said in its annual report that the number of online frauds in the country surged 334% year-on-year to 29,082 in FY24.

Earlier today, the RBI also proposed tighter norms for Aadhaar-enabled Payment System (AePS) touchpoint operators to curb frauds.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

RBI Proposes New Framework On Additional Factor Of Authentication For Digital Payments-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

RBI Proposes New Framework On Additional Factor Of Authentication For Digital Payments-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

RBI Proposes New Framework On Additional Factor Of Authentication For Digital Payments-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

RBI Proposes New Framework On Additional Factor Of Authentication For Digital Payments-Inc42 Media
RBI Proposes New Framework On Additional Factor Of Authentication For Digital Payments-Inc42 Media
You’re in Good company