Source: BS
Context:
The Reserve Bank of India (RBI) has issued new guidelines mandating two-factor authentication (2FA) for all digital payment transactions in India, effective April 1, 2026, to enhance transaction security and reduce fraud.
Key Highlights:
- Mandatory Two-Factor Authentication (2FA):
  - All digital transactions must use two distinct factors from the following:
    - Something the user knows (PIN/password)
    - Something the user has (device/token)
    - Something the user is (biometric)
  - At least one factor must be dynamic, i.e. unique per transaction.
- Risk-Based Authentication:
  - Authentication may vary based on transaction amount, user behavior, device attributes, and historical patterns.
- Cross-Border Transactions:
  - International card-not-present (CNP) transactions require additional authentication from October 1, 2026.
- Interoperability:
  - Payment systems must ensure seamless and secure transactions across platforms.
- Issuer Responsibilities:
  - Banks and non-bank payment service providers must comply with the guidelines.
  - Systems must be robust, user-friendly, and secure.





