Friday, September 20, 2024
HomeBlogRBI is considering new ways to authenticate digital payments other than OTP,...

RBI is considering new ways to authenticate digital payments other than OTP, now bank accounts will not be hacked

To prevent digital fraud, RBI issued guidelines on ‘Alternative Authentication Mechanism’. In this, the Reserve Bank has asked banks to introduce additional factor authentication. With a series of online frauds and scams leading to huge loss of money of naïve investors, the Reserve Bank of India (RBI) is taking concrete steps to ensure that digital payments remain safe.

For the uninitiated, the RBI has prioritised the security of digital payments over the past few years, specifically, requiring additional factors of authentication (AFA) to make payments. No specific factor was mandated for authentication, but the digital payments ecosystem has primarily adopted SMS-based one-time passwords (OTPs) as AFA.

While OTP works effectively, technological advancements have made alternative authentication mechanisms available.

It is worth remembering that the RBI had released a ‘Statement on Developmental and Regulatory Policies’ on February 8 this year, which was a precursor to the draft framework released now. For more details on this, you can read this article.

RBI has now released a draft ‘Framework on Alternative Authentication Mechanisms for Digital Payment Transactions’. The primary objective of this framework is to enable the ecosystem to adopt alternative authentication mechanisms. This will expand the choice of authentication factors available to payment system operators and users.

These are some of the key details of the framework

-All digital payment transactions will be authenticated with an additional factor of authentication (AFA), unless otherwise exempted.

-All digital payment transactions other than card-present transactions must ensure that one of the factors of authentication is dynamically created. This practically means that the factor is generated after the payment is initiated, is specific to the transaction and cannot be reused.

– First Factor of Authentication and AFA will be from different categories.

-Further, issuers may adopt a risk-based approach in deciding the appropriate additional factor of authentication for a transaction, based on the risk profile of the customer and/or beneficiary, transaction value, channel of origin, etc.

-Issuers must also have a system to alert the customer in real-time for all eligible digital payment transactions.

– Issuers will obtain explicit consent before enabling any new factor of authentication for the customer. The customer will also be provided with the facility to unregister from using the new factor of authentication.

Stakeholders are requested to send comments or feedback on the draft framework by email or post to the Chief General Manager-in-Charge, Department of Payment and Settlement Systems, Reserve Bank of India, Central Office, Fourteenth Floor, Shahid Bhagat Singh Marg, Mumbai-400001, on or before September 15, 2024.

RELATED ARTICLES

Most Popular