RBI mandates dynamically generated authentication for digital payments
To support advancements in authentication technology, the Reserve Bank of India (RBI) has mandated the implementation of an additional factor of authentication (AFA). These factors must be dynamically generated, meaning they are created after the payment initiation and must not be specific to the transaction or reusable.
No particular factor is mandated for AFA.
This requirement applies to all digital payment transactions except small-value contactless card payments up to 5,000 rupees (approximately US$60) at point-of-sale terminals, e-mandates for recurring transactions, and small-value digital payments through offline mode, as reported by the New Indian Express.
The issuers of these new authentication methods can adopt a risk-based approach to determine the appropriate AFA, as per RBI. Factors such as the risk profile of the customer and beneficiary, transaction value, among others, can be considered. It’s also mandatory for issuers to alert customers in real-time for all eligible digital payment transactions.
According to the RBI guidelines, in the context of scale implementation, the issuer is prohibited from engaging in exclusivity agreements with any payment service provider or technology service provider that could restrict the deployment of alternative authentication.
RBI has emphasized the importance of securing digital payments through AFA. In the latest draft of the “Framework on Alternative Authentication Mechanisms for Digital Payment Transactions,” RBI has encouraged the adoption of new authentication technologies.
The current digital payment system in India relies on SMS-based one-time passwords (OTPs).
Earlier this year, the RBI planned additional fraud risk management measures for Aadhaar-enabled Payment System (AePS) fraud through cloned fingerprints and a proposal to revise the onboarding process for Aadhaar service providers.
Article Topics
Aadhaar | banking | biometric authentication | biometrics | identity verification | India | multifactor authentication | secure transactions
Comments