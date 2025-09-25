MUMBAI: To ensure robust security and user protection as the digital payments ecosystem grows manifold month after month, the Reserve Bank has issued a comprehensive framework for strengthening the authentication mechanisms in digital payments effective next April.

Currently, most digital payments rely on SMS-based one-time passwords (OTPs) as the additional factor.

The move comes amid rapid growth in the digital payments ecosystem that has seen exponential adoption across UPI, cards, and wallet-based platforms.

Under the new rules, all digital payment transactions must comply with the norm of two-factor authentication. While the RBI has not mandated specific methods, the system must draw from at least two categories among something the user knows (such as a password or PIN), something the user has (such as a card, hardware token, or software token), and something the user is (biometric identifiers like fingerprint or Aadhaar-based verification).

The RBI has clarified that going forward, at least one of the factors should be dynamically created, meaning it must be unique to each transaction and validated in real time.