RBI Introduces Additional Factor Authentication (AFA) for International Transactions

In a significant move to enhance digital payment security, the Reserve Bank of India (RBI) has announced the implementation of Additional Factor Authentication (AFA) for cross-border “Card Not Present” (CNP) transactions. This initiative aims to secure international transactions using Indian-issued cards, ensuring they are as safe and fraud-proof as domestic transactions.

With the increasing volume of online shopping and a rising number of fraudulent activities, this new security measure is expected to strengthen consumer protection and improve trust in international digital transactions.

What is Additional Factor Authentication (AFA)?

Understanding AFA

Additional Factor Authentication (AFA) is a multi-step security process that requires cardholders to verify their transactions through more than one method. This additional layer of security significantly reduces the risk of unauthorized access and fraud in online transactions.

AFA in Domestic vs. International Transactions

Domestic Transactions:

• Previously, AFA was mandatory only for domestic online transactions in India.
• It typically involved an OTP (One-Time Password) sent to the registered mobile number or biometric verification.
• The introduction of AFA in domestic payments has successfully reduced fraud and increased consumer confidence.

International Transactions:

• Until now, international transactions using Indian-issued cards did not require AFA.
• This created a security gap, making cross-border payments vulnerable to cyber threats and fraud.
• With this new directive, RBI is now extending AFA for international transactions, making them more secure and reliable.

Why is AFA Needed for International Transactions?

With the boom in e-commerce, Indian consumers are making more frequent purchases from overseas merchants. However, these transactions, being Card Not Present (CNP) payments, carry higher risks due to the absence of physical verification.

Major Risks in International CNP Transactions

• Increased Fraud Risks: Without AFA, cybercriminals can misuse card details for unauthorized transactions.
• Lack of Direct Merchant Verification: Unlike domestic transactions, where banks have strict security measures, cross-border merchants may not follow the same standards.
• Growing Digital Payments Trend: With an increasing number of Indians engaging in global e-commerce, security needs to match the evolving digital landscape.

Recognizing these risks, the RBI’s new directive aims to close the security gap and make international digital transactions as secure as domestic payments.

RBI’s Proposed Changes for AFA in International Transactions

New Verification Measures

Under this proposal, Indian cardholders making international online purchases will have to complete an additional verification step, such as:

• OTP Verification: A One-Time Password (OTP) sent to the user’s registered mobile number.
• Biometric Authentication: Transactions may require fingerprint scans or facial recognition for added security.

RBI’s Next Steps

• RBI will issue a draft circular to gather feedback from stakeholders, including banks, payment gateways, and merchants.
• Once finalized, the implementation process will begin, ensuring a smooth transition for consumers.
• This initiative is part of a larger RBI framework to strengthen the security of digital payments in India.

RBI’s Digital Payment Security Framework

To further improve online transaction security, RBI introduced a digital payment security framework last year. This mandates the use of a dynamically generated authentication factor for every digital transaction, except for card-present transactions.

Three Types of Authentication Factors

RBI categorizes AFA into three types, ensuring that each transaction remains unique and protected:

1. Something the user knows – Examples: Passwords, PINs
2. Something the user has – Examples: ATM/Debit Cards, Mobile Devices
3. Something the user is – Examples: Fingerprint, Facial Recognition

This multi-layered approach aims to eliminate fraudulent activities, ensuring that each transaction is authenticated through a unique security factor that cannot be reused.

Impact of AFA on Indian Consumers

Enhanced Consumer Protection

By implementing AFA for international transactions, Indian consumers will benefit from the same level of security that is already in place for domestic digital payments.

Encouraging Global E-Commerce Participation

With improved security, Indian consumers may feel more confident in making international purchases, leading to greater participation in the global e-commerce market.

Reduced Fraud & Unauthorized Transactions

This move will minimize online fraud, preventing cases where stolen or leaked card details are used for unauthorized transactions.

Seamless Transition & Adoption

Banks and financial institutions will need to upgrade their verification systems to align with the RBI’s new security guidelines. Consumers should stay updated on changes and ensure their contact details are up to date to receive OTPs and verification alerts.

Summary of the News

Aspects	Details
Why in News	The Reserve Bank of India (RBI) has announced the implementation of Additional Factor Authentication (AFA) for cross-border “Card Not Present” (CNP) transactions.
Objective	To secure international transactions using Indian-issued cards, making them as safe and fraud-proof as domestic transactions.
What is AFA?	A multi-step security process requiring more than one verification method to authenticate online transactions.
AFA in Domestic vs. International Transactions	– Domestic: Already mandatory, involves OTP or biometric verification, reducing fraud. – International: Previously lacked AFA, making transactions vulnerable to cyber threats.
Need for AFA in International Transactions	– Increasing cross-border e-commerce purchases. – Higher fraud risks due to the absence of physical verification.- Security gap in international payments.
Major Risks in International Transactions	– Fraudulent transactions due to lack of authentication.- Weaker security measures among overseas merchants.- Growing digital payments require enhanced security.
RBI’s Proposed Changes	– OTP verification for international transactions.- Biometric authentication (fingerprint/facial recognition).
Next Steps by RBI	– RBI to issue a draft circular for stakeholder feedback.- Implementation to begin after finalization.- Part of RBI’s broader digital security framework.
Types of Authentication Factors	1. Something the user knows – Passwords, PINs. 2. Something the user has – ATM/Debit Cards, Mobile Devices. 3. Something the user is – Biometrics (Fingerprint, Facial Recognition).
Impact on Indian Consumers	– Enhanced consumer protection for international transactions.- Increased confidence in global e-commerce purchases.- Reduced fraud in online payments.
Seamless Adoption	Banks to upgrade security systems, consumers should update contact details for OTP and alerts.