
RBI draft framework mandates additional authentication for all digital payments

The RBI draft also says all digital payment transactions, other than card present transactions, have to ensure that one of the factors of authentication is dynamically created.

Express News Service

To enhance the security of digital payments, the Reserve Bank has issued a draft framework on alternative authentication mechanisms for all digital payments. It mandates an additional factor of authentication (AFA) for all digital payment transactions, except small value, contactless card payments for up to Rs 5,000 at point of sale terminals, e-mandates for recurring transactions, and small value digital payments through offline mode, among others.

Additionally, the RBI draft says all digital payment transactions, other than card present transactions, have to ensure that one of the factors of authentication is dynamically created -- that is to say the authentication factor is generated after initiation of payment and is specific to the transaction and cannot be reused. Card present transactions are carried out physically.

Further, the draft issued Wednesday said the first factor of authentication and the AFA will have to be from different categories.

AFA means using more than one factor of authentication to complete a payment instruction. Currently, the digital payments ecosystem uses SMS-based OTP as AFA. Back in February, the RBI had stated that alternative authentication mechanisms have emerged in recent years with tech innovations, prompting the need to adopt a principle-based framework for authentication of digital payments.

The draft framework says that issuers -- banks and non-banks -- can adopt a risk-based approach in deciding the appropriate AFA, based on the risk profile of the customer and/or beneficiary, transaction value, channel of origin etc. The draft framework further mandates issuers to alert customers, in real time, for all eligible digital payment transactions.

Additionally, issuers cannot enter into any exclusivity arrangement with any payment service provider/technology service provider that could limit their ability to deploy alternative authentication solutions. Also, for transactions involving tokenised cards on various devices, the issuer must ensure the device environment supports tokenisation on a non-exclusive basis.
