Draft Framework on Alternative Authentication Mechanisms for Digital Payment Transactions

Reserve Bank of India (RBI) has released a draft framework on alternative authentication mechanisms for digital payment transactions.

What is the rationale behind the draft framework?

RBI had mandated an additional factor of authentication (AFA) for all transactions undertaken using cards, prepaid instruments and mobile banking channels. No specific factor was mandated for authentication, but the digital payments ecosystem has primarily adopted SMS-based OTP as the AFA. While OTP is working satisfactorily, technological advancements have made alternative authentication mechanisms available. Therefore, RBI has released a draft framework on alternative authentication mechanisms for digital payment transactions to enable the ecosystem to adopt them.

To whom shall the framework be applicable?

The framework applies to all Payment System Providers and Payment System Participants (banks and non-banks), who shall comply with the framework within 3 months from the date of issue of the directions.

What is Authentication?

Authentication is a process of validating and confirming the credentials of the customer who is originating the payment instruction.

What is a factor of authentication?

A factor of authentication is any credential input by the customer which is verified to confirm the originator of a payment instruction. The factors of authentication are broadly categorised as –

  • Something the user knows (such as password, passphrase, PIN)
  • Something the user has (such as card hardware or software token)
  • Something the user is (such as fingerprint or any other form of biometrics)

What is Additional Factor of Authentication (AFA)?

Additional Factor of Authentication (AFA) refers to the use of more than one factor for authentication of a payment instruction.

Who is Issuer?

Issuer is a bank / non-bank where the customer’s account (deposit account / credit line or PPI balance) is maintained. Issuers verify user credentials and provide confirmation of debit to the account on receipt of payment instruction.

Who is Technology Service Provider (TSP)?

Technology Service Provider (TSP) is a provider of technology infrastructure adopted by the Issuer for implementing the authentication process. In addition to software-based solution providers, this will include device manufacturers and hardware solution providers who provide such technology.

Who is Token Service Provider?

Token Service Provider is an entity which tokenises the card credentials and de-tokenises them, whenever required. It includes card networks and card issuers.

What is card present transaction?

Card present transaction is a transaction that is carried out through the physical use of card at the point of transaction. It is also known as a face-to-face or proximity payment transaction.

What are the principles for authentication of digital payment transactions?

The technology and process deployed for authenticating a payment instruction by the Payment System Provider / Payment System Participants shall comply with the following principles –

  • All digital payment transactions shall be authenticated with additional factors of authentication (AFA), unless exempted otherwise.
  • All digital payment transactions, other than card present transactions, shall ensure that one of the factors of authentication is dynamically created, i.e., the factor is generated after initiation of payment, is specific to the transaction and cannot be reused.
  • The first factor of authentication and the AFA shall be from different categories (i.e., something the user knows / something the user has / something the user is).
  • Issuers may adopt a risk-based approach in deciding the appropriate AFA for a transaction, based on the risk profile of the customer and / or beneficiary, transaction value, channel of origination, etc.
  • Issuers shall have a system of alerting the customer in near real time for all eligible digital payment transactions, i.e., all digital payment transactions except small offline transactions.
  • Issuers shall obtain explicit consent before enabling any new factor of authentication for the customer. The customer shall also be provided a facility to deregister from using the new factor of authentication.
  • Issuer shall ensure the robustness and integrity of the process or technology of the authentication factor before deploying the same.
  • Issuer shall be liable for the process and technology deployed for authenticating a digital payment transaction.
  • Issuer shall not enter into any exclusivity arrangement with any Payment Service Provider / Technology Service Provider which could limit its ability to deploy alternative authentication solutions.
  • For transactions involving tokenised cards on various devices, Issuer / Token Service Provider shall ensure that the device environment supports tokenisation on a non-exclusive basis.
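
As an added illustration (not part of the RBI draft or of this article), the sketch below shows one way an issuer could enforce two of the principles above: a dynamic factor that is created after payment initiation, bound to one transaction and usable once, and a check that the two factors come from different categories. The class name, factor names, 6-digit code format and 180-second validity window are all assumptions made for the example.

```python
import hmac
import secrets
import time

# Factor -> category, following the three categories listed on this page.
# Factor names are illustrative; SMS OTP is treated here as possession of
# the registered phone (an assumption of this example).
CATEGORY = {"password": "knows", "pin": "knows", "card": "has",
            "software_token": "has", "sms_otp": "has", "fingerprint": "is"}

def distinct_categories(first_factor, additional_factor):
    """The first factor and the AFA must come from different categories."""
    return CATEGORY[first_factor] != CATEGORY[additional_factor]

class DynamicFactorIssuer:
    """Hypothetical issuer-side store for one-time codes bound to one payment."""

    def __init__(self, ttl_seconds=180):
        self.ttl = ttl_seconds      # assumed validity window, not from the framework
        self._pending = {}          # txn_id -> (amount_paise, payee, code, expiry)

    def issue(self, txn_id, amount_paise, payee, now=None):
        """Called only after the payment is initiated; returns a fresh 6-digit code."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[txn_id] = (amount_paise, payee, code, now + self.ttl)
        return code

    def verify(self, txn_id, amount_paise, payee, code, now=None):
        """True only for the exact transaction the code was issued for, and only once."""
        now = time.time() if now is None else now
        # pop() consumes the entry on the first attempt, so the code cannot be reused
        entry = self._pending.pop(txn_id, None)
        if entry is None:
            return False
        bound_amount, bound_payee, expected, expiry = entry
        # Reject if expired or if the amount/payee differ from what the code was bound to
        if now > expiry or (amount_paise, payee) != (bound_amount, bound_payee):
            return False
        return hmac.compare_digest(expected, code)
```

Because the entry is consumed on the first verification attempt, a wrong guess also invalidates the code and the customer must request a new one.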

Which transactions are exempt from AFA requirement?

The following transactions are exempted from the AFA requirement –

  • Small value card present transactions for values up to ₹5000/- per transaction in contactless mode at Point of Sale (PoS) terminals.
  • E-mandates for recurring (other than the first) transactions in respect of – a) subscription to mutual funds; b) payment of insurance premium and c) credit card bill payments, for values up to ₹1,00,000, and in respect of all other categories, for values up to ₹15,000/-.
  • Prepaid Instruments (PPIs) issued under PPI – Mass Transit Service and Gift PPIs.
  • Transactions in the National Electronic Toll Collection (NETC) System.
  • Small value digital payments in offline mode up to a value of ₹500/-.


References

Reserve Bank of India. (2024, July 31). 'Draft Framework on Alternative Authentication Mechanisms for Digital Payment Transactions'. Retrieved from https://www.rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=58406

Reserve Bank of India. (2024, July 31). 'Framework on Alternative Authentication Mechanisms for Digital Payment Transactions - DRAFT'. Retrieved from https://www.rbi.org.in/scripts/bs_viewcontent.aspx?Id=4477

