
The Reserve Bank of India (RBI) has proposed a new Framework on Alternative Authentication Mechanisms for Digital Payment Transactions to enhance the security of online payments. This move underscores the central bank’s commitment to safeguarding digital payments, emphasising the necessity of Additional Factor of Authentication (AFA).

Current authentication practices

Additional Factor of Authentication (AFA) is the use of more than one factor to verify payment instructions. Currently, the most common method of AFA in digital payments is SMS-based One-Time Passwords (OTPs). However, with advancements in technology, alternative authentication methods have become available, prompting the RBI to reconsider existing practices.

In a press release dated July 31, 2024, the RBI highlighted the importance of AFA, noting that while SMS-based OTPs are effective, other technological solutions can provide enhanced security. The framework categorises authentication factors into three broad groups:

  • Knowledge-Based: Information the user knows, such as passwords, passphrases, or PINs.
  • Possession-Based: Items the user has, such as hardware or software tokens.
  • Inherence-Based: Attributes unique to the user, such as fingerprints or other biometrics.

Risk-based authentication

The new framework allows issuers, such as banks and non-banks, to use a risk-based approach to determine the appropriate AFA for a transaction. Factors to consider include transaction value, origination channel, and the risk profiles of the customer and beneficiary. Issuers are required to notify customers of eligible digital payment transactions almost immediately.

Certain low-risk transactions are exempt from AFA requirements under the new framework. These include:

  • Small-value contactless card payments: Transactions up to Rs 5,000 at Point of Sale (PoS) terminals.
  • E-mandates for recurring transactions: These mandates are allowed for specific categories and transaction limits, such as:
      • Mutual fund subscriptions up to Rs 1 lakh
      • Insurance premium payments
      • Credit card bill payments
      • Other e-mandates up to Rs 15,000
  • Utility payments made with select prepaid instruments, including Prepaid Instruments (PPIs) issued under PPI – Mass Transit Service and Gift PPIs.
  • Transactions in the National Electronic Toll Collection (NETC) System.

In its February Monetary Policy Committee (MPC) meeting, the RBI noted the rise of alternative authentication methods driven by technological advancements. There is a growing need for a principle-based framework to authenticate digital payment transactions effectively.

RBI Governor Shaktikanta Das noted, “With technological advancements, alternative authentication mechanisms have emerged in recent years. To make such mechanisms for digital security more accessible, it is recommended to implement a principle-based ‘Framework for authentication of digital payment transactions’. Instructions on this matter will be delivered individually.”

  • Published On Aug 6, 2024 at 07:36 AM IST
