Digital Payment Security: RBI Proposes Alternative Methods of Two-Factor Authentication

[ad_1]

The RBI has announced a draft framework on 'Alternative Authentication Mechanisms for Digital Payment Transactions'.

The RBI has announced a draft framework on ‘Alternative Authentication Mechanisms for Digital Payment Transactions’.

This initiative aims to enhance the security of digital payments by introducing various forms of authentication.

The Reserve Bank of India (RBI) has announced a draft framework on ‘Alternative Authentication Mechanisms for Digital Payment Transactions’. This initiative aims to enhance the security of digital payments by introducing various forms of authentication.

The RBI in a press release issued on July 31, 2024, said, “The Reserve Bank of India has prioritised security of digital payments, in particular the requirement of Additional Factor of Authentication (AFA) for making payments. No specific factor was mandated for authentication, but the digital payments ecosystem has primarily adopted SMS-based OTP as AFA. While OTP is working satisfactorily, technological advancements have made available alternative authentication mechanisms.”

Defining the factor of authentication, the RBI said, “Any credential input by the customer which is verified for the purpose of confirming the originator of a payment instruction. The factors of authentication are broadly categorised as below:

  • Something the user knows (such as password, passphrase, PIN)
  • Something the user has (such as card hardware or software token)
  • Something the user is (such as fingerprint or any other form of biometrics).”

It said all digital payment transactions, other than card present transactions, shall ensure that one of the factors of authentication is dynamically created, i.e., the factor is generated after initiation of payment, is specific to the transaction and cannot be reused.

“All digital payment transactions shall be authenticated with an additional factor(s) of authentication (AFA), unless exempted otherwise in this framework,” the RBI said.

Those that are exempted from AFA are small-value contactless card payments, e-mandates for recurring transactions, utility through select prepaid instruments, and small-value digital payment in offling mode, according to the RBI’s draft frameword.

[ad_2]

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *