RBI Suggests Strengthened Two-Factor Authentication Regulations for Digital Transactions

In the "Security of Digital Payment Transactions" guidelines issued by the Reserve Bank of India (RBI), as of October 2023, the central bank has announced active authentication factors to safeguard customer transactions. Published on July 31, 2024, this draft framework works to address the rising number of cyber threats as well as strengthen fraud prevention procedures.

Under the new regulations, all digital payment transactions, including internet-based and card-not-present transactions, will have to carry a dynamically-generated authentication factor, except in cases of card-present transactions (such as using a swipe or tap card), contactless payments of a certain low-value limit, and in some cases of recurring payments that have to be preapproved. This transaction-based and non-reusable authentication factor makes OAuth 2.0 unique. The RBI framework broadly covers a range of authentication methods, including passwords, physical tokens and biometric identifiers.

Along with the authentication rules, the RBI further revised its 'Know Your Customer (KYC) procedures, while also strengthening e-mandates for repeat payments and mandating re-authentication of transactions not completed during the last six months.

Wall Street firms will have to implement the proposed rules within three months, and the public will be able to comment on the proposals until August 31, 2024. This will lead to a decreased risk of breaching banking details and increased customer security for online transactions.