Digital payment: RBI's new rules on payment methods of two-factor authentication for more safety

Authentication Factor Aggregation (AFA) refers to the utilisation of multiple factors to verify a payment instruction. In the present digital payment landscape, the prevalent method of AFA involves the use of SMS-based One-Time Passwords (OTPs).

Business Today Desk
  • Updated Aug 1, 2024 1:35 PM IST
The Reserve Bank of India has tabled a new draft of Framework on Alternative Authentication Mechanisms for Digital Payment Transactions, focussing on various authentication forms required while making payments online. The central bank has made digital payments security its top priority. This decision was prompted by the emphasis on the need for Additional Factor of Authentication (AFA) when carrying out payment transactions. It is important to note that authentication processes previously did not have any specific criteria in place.

The RBI in a press release issued on July 31, 2024, said, “The Reserve Bank of India has prioritised security of digital payments, in particular the requirement of Additional Factor of Authentication (AFA) for making payments. No specific factor was mandated for authentication, but the digital payments ecosystem has primarily adopted SMS-based OTP as AFA. While OTP is working satisfactorily, technological advancements have made available alternative authentication mechanisms.”

The central bank further said: “Any credential input by the customer which is verified for the purpose of confirming the originator of a payment instruction. The factors of authentication are broadly categorised as below:

> Something the user knows (such as password, passphrase, PIN)
> Something the user has (such as card hardware or software token)
> Something the user is (such as fingerprint or any other form of biometrics)

Unless otherwise specified in this framework, all digital payment transactions will be verified through the use of an additional factor of authentication (AFA).

As per the RBI draft, when determining the proper AFA for a transaction, issuers, such as banks and non-banks, can use a risk-based methodology that takes into account the transaction value, origination channel, and customer and/or beneficiary risk profiles, among other factors. Issuers must have a mechanism in place to notify customers of any eligible digital payment transactions almost instantly.

According to the draft framework by the RBI, small-value contactless card payments, e-mandates for recurring transactions, utility payments through select prepaid instruments, and small-value digital payments in offline mode are not subject to AFA requirements.

Small-value card-present transactions for values up to Rs 5000/- per transaction in contactless mode at Point of Sale (PoS) terminals.

E-mandates for recurring transactions beyond the initial payment are permissible for the following categories and transaction limits:

a) Mutual fund subscription: Up to Rs 1,00,000.

b) Insurance premium payments.

c) Credit card bill payments.

For all other transaction categories, e-mandates are allowed for values up to Rs 15,000.

Utility through select Prepaid Instruments / NETC:
The following categories of instruments/systems: Prepaid Instruments (PPIs) issued under PPI – Mass Transit Service and Gift PPIs.
Transactions in the National Electronic Toll Collection (NETC) System

In its February MPC meeting, the central bank had mentioned that over the recent years, there has been a rise in alternative authentication methods due to technological advancements. Consequently, there is an increasing requirement to implement a principle-driven structure for authenticating digital payment transactions.

RBI Governor Shaktikanta Das said: "With innovations in technology, alternative authentication mechanisms have emerged in recent years. To facilitate the use of such mechanisms for digital security, it is proposed to adopt a principle-based “Framework for authentication of digital payment transactions”. Instructions in this regard will be issued separately."

The central bank said it would separately issue comprehensive guidelines that will delineate the specifics of this principle-based authentication framework.

Published on: Aug 1, 2024 1:35 PM IST