Categories: BankingCurrent Affairs

RBI Mandates 2 Factor Authentication for Digital Payments from April 2026

RBI Mandates 2 Factor Authentication for Digital Payments from April 2026

The Reserve Bank of India (RBI) has introduced a new regulatory framework to strengthen digital payment security in the country. From April 1, 2026, two-factor authentication (2FA) will be mandatory for all digital transactions, with exceptions allowed only for certain small-value cases. The guidelines mark a major shift towards advanced, flexible, and secure verification methods, replacing the outdated reliance on SMS OTPs alone.

Key Highlights of the New Norms

Mandatory Two-Factor Authentication

  • All digital payments — including UPI, net banking, mobile wallets, and card-based transactions — will now require 2FA, ensuring two independent layers of verification. Small, low-risk transactions may be exempt based on pre-defined thresholds.

Flexible Authentication Methods

Banks and payment service providers will now have multiple options to verify users, including,

  • Biometric authentication (fingerprint, facial recognition)
  • Device-based tokens or app-linked authenticators
  • Passphrases, PINs, or security questions
  • Hardware/software-based OTP generators
  • Native device security features like facial unlock or fingerprint

These alternatives aim to reduce dependency on SMS OTPs, which are vulnerable to delays, phishing, and SIM-swapping.

Risk-Based Authentication

  • Institutions may use risk-based assessment to trigger extra layers of verification for high-value, cross-border, or suspicious transactions.
  • This allows adaptive security, improving user experience for low-risk cases while protecting against fraud.

Implementation Timeline

  • Effective date for domestic transactions: April 1, 2026
  • Cross-border and card-not-present transactions may receive extended deadlines
  • A phased rollout will be coordinated with banks and fintech players for smooth adoption

Key Facts

  • 2FA becomes mandatory: April 1, 2026
  • Applies to: UPI, net banking, cards, mobile wallets, etc.
  • Exemptions: Low-value transactions (as defined by RBI)
  • Permitted methods: Biometrics, tokens, passphrases, OTPs, app authenticators
  • Risk-based checks: Allowed for extra protection on flagged transactions
  • SMS OTP: Still allowed as one of the factors
Shivam

Share
Published by
Shivam
Tags: Banking
3 months ago

Recent Posts

Which City is known as the City of Grapes?

Many cities around the world are given special names because of what they are best…

9 hours ago

Who was Known as the Court Poet of Samudragupta?

In ancient India, many powerful kings ruled large empires and were known for their bravery,…

9 hours ago

Which City of Norway is Known as the City of Tigers?

Norway is a peaceful and beautiful country in Northern Europe. It is known for its…

9 hours ago

UIDAI Launches Aadhaar Mascot ‘Udai’ to Make Aadhaar Services More People-Friendly

The Unique Identification Authority of India (UIDAI) has taken a significant step towards improving public…

10 hours ago

Which is the Oldest Railway Station of Odisha? Know About It

Odisha, a state in eastern India, has a rich history in culture, art and transport.…

10 hours ago

Which District of Uttar Pradesh is Known as the City of Rice?

Uttar Pradesh is one of the largest states in India and is known for its…

10 hours ago