New Delhi, 25 September (IANS). The Reserve Bank of India (RBI) on Thursday released a draft guideline on the Authority Mechanism Framework for Digital Payment Transaction Authority. This will be applicable from 1 April 2026.
The central bank said the feedback received from the general public has been considered and included in the final guidelines. The purpose of these guidelines is to promote new methods of authentication using technological progress.
However, in this framework, there is no talk of closing SMS-based OTP as authentication factor.
Its purpose is also that the issuer can implement additional risk-based investigations in addition to minimum two-factor authentication based on fraud risk of original transactions and can promote open access to interpreting and technology, as well as the responsibility of the issuers.
RBI says that all digital payment transactions in India will have to follow the rules of two authentication factor.
Although no particular factor was mandatory for authentication, digital payment ecosystem has mainly adopted SMS-Based One Time Password (OTP) as an additional factor.
According to RBI, “All digital payment transactions will be certified from at least two different authentication factor, until the discount is given. The issuers can give their customers the option of authentication factor as per their will.”
It further states, “It will be ensured that at least one factor of authentication should be made dynamically or certified, ie for all digital payment transactions, except for card present transactions, for all digital payment transactions, ie the proof of the factor sent as part of the transaction is unique for that transaction. The factor of the authentication should be such that the factor of the authentication should be such that the factor of the authentication should be such Do not affect. “
Also, system provider and system participant will provide authentication or to TownLation Service, which will be accessible to all use cases and channel or token storage mechanisms for all applications and token requests working in that operating environment.
-IANS
SKT/












