THE BANKING TIMES

RBI Tightens Digital Payment Security: New Authentication Rules from April 2026.

โ€”

by

admin@thebankingtimes.in
in

Effective from April 1, 2026 (domestic) & October 1, 2026 (cross-border)

The Reserve Bank of India (RBI) has released new directions on authentication mechanisms for digital payment transactions,
replacing the heavy reliance on SMS-based OTP with more advanced and flexible methods.
These changes aim to strengthen security, enable technological innovation, and improve customer protection in both domestic and select cross-border card transactions.

Key Changes in Digital Transactions

  • Two-Factor Authentication Mandatory: All digital payments must continue to use at least two factors of authentication (e.g., OTP, PIN, password, biometrics, tokens).
  • Dynamic Factor Required: At least one factor must be dynamically generated for each transaction, ensuring uniqueness and reducing fraud risk.
  • Beyond OTP: Banks and payment providers can now use biometrics, device-based verification, tokens, or other secure methods instead of relying only on SMS OTP.
  • Risk-Based Authentication: Transactions may be evaluated using behavioural and contextual checks like user location, device patterns, or transaction history.
  • Cross-Border Safeguards: From October 1, 2026, Indian card issuers must validate non-recurring overseas online transactions (CNP) using RBI-approved mechanisms.
  • Customer Compensation: If a fraud occurs due to non-compliance with these rules, the issuer must refund the customer in full without delay.

How Customers Will Benefit

  • Greater Security: Dynamic and risk-based authentication reduces chances of OTP theft and online fraud.
  • Flexibility: Customers may choose authentication options such as biometrics, app tokens, or device-based approvals for easier payments.
  • Transparency: Banks must clearly define and apply authentication policies without discrimination.
  • Consumer Protection: In case of unauthorized transactions due to non-compliance, customers will be fully reimbursed.
  • Safer International Payments: Added checks for cross-border transactions help secure overseas purchases with Indian cards.

Effective Dates

  • Domestic digital transactions: April 1, 2026
  • Cross-border CNP card transactions: October 1, 2026

With these directions, RBI is moving Indiaโ€™s payments ecosystem towards a future of safer, faster, and smarter digital transactions.
Customers can expect reduced fraud risks, quicker approvals, and full protection against unauthorized losses.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *