Skip to main content

Authentication mechanisms for digital payment transactions

Reserve Bank of India (RBI) has issued directions on authentication mechanisms for digital payment transactions.

What is the rationale behind the directions?

All digital payment transactions in India are required to meet the norm of two factors of authentication. While no specific factor was mandated for authentication, the digital payments ecosystem has primarily adopted SMS-based One Time Password (OTP) as the additional factor. To enable the payments ecosystem to leverage the technological advancements for implementing alternative authentication mechanisms, RBI has issued the directions on authentication mechanisms for digital payment transactions.

What is Authentication?

Authentication is a process of validating and confirming the credentials of the customer who is originating the payment instruction.

What is Factor of Authentication?

Factor of Authentication is the credential of the customer which is used for authentication. The factors of authentication can be from “something the user has”, “something the user knows” or “something the user is” and may comprise, inter-alia, password, SMS based OTP, passphrase, PIN, card hardware, software token, fingerprint, or any other form of biometrics (device native or Aadhaar based).

To which entities / transactions shall the directions be applicable?

The directions shall be applicable to –

  • Payment System Providers and Payment System Participants (banks and non-banks)
  • Domestic digital payment transactions

What are the principles for authentication of digital payment transactions?

  • Minimum two factors of authentication – All digital payment transactions shall be authenticated by at least two distinct factors of authentication. Issuers (bank / non-bank maintaining customer’s account from which payment is made, such as deposit account / credit line / prepaid instrument) may, at their discretion, offer a choice of authentication factors to their customers.
  • At least one of the factors to be dynamic – It shall be ensured that for digital payment transactions, other than card present transactions, at least one of the factors of authentication is dynamically created or proven, i.e., the proof of possession of the factor, being sent as part of the transaction, is unique to that transaction.
  • Robust – The factor of authentication shall be such that compromise of one factor does not affect reliability of the other.

Which transactions are exempted from two factor authentication?

The following transactions are exempted from the requirement of two factor authentication –

  • Small-value Contactless Card transactions
  • Recurring transactions (other than the first) under the e-mandate framework
  • Select Prepaid Instruments such as Prepaid Payment Instrument - Mass Transit Service (PPI-MTS) and Gift PPIs
  • National Electronic Toll Collection (NETC) transactions
  • Small value digital payments in offline mode
  • Travel booking involving Global Distribution System / IATA through commercial / corporate cards.

What are other directions?

  • Based on the perceived risk associated with the transaction, additional checks beyond the minimum two-factor authentication may be resorted to. Issuers may also explore using DigiLocker as a platform for notification and confirmation for high-risk transactions.
  • If any loss arises out of transactions effected without complying with the directions, the issuer shall compensate the customer for the loss in full without demur.
  • The directions are not applicable to cross-border digital payment transactions. However, card issuers shall, by October 01, 2026, put in place a mechanism to validate non-recurring, cross-border card not present (CNP) transactions, where request for authentication is raised by an overseas merchant or overseas acquirer. To ensure compliance, card issuers shall register their Bank Identification Numbers (BINs) with card networks.

From when shall the directions be applicable?

Payment System Providers and Payment System Participants, including banks and non-bank entities, shall ensure compliance with the directions by April 01, 2026.


References

Reserve Bank of India. (2025, September 25). 'RBI issues Directions on Framework on Authentication Mechanisms for Digital Payment Transactions'. Retrieved from https://rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=61282

Reserve Bank of India. (2025, September 25). 'Reserve Bank of India (Authentication mechanisms for digital payment transactions) Directions, 2025'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12898&Mode=0


Follow at - Telegram   Instagram   LinkedIn   X   Facebook

Labels:

Comments

Post a Comment

Popular Posts

Rupee Interest Rate Derivatives

Reserve Bank of India (RBI) has issued directions on rupee interest rate derivatives. What is Interest Rate Derivative (IRD)? Interest Rate Derivative (IRD) means a financial derivative contract whose value is derived from one or more Rupee interest rates, prices of Rupee interest rate instruments, or Rupee interest rate indices. To which transactions shall the directions be applicable? The directions shall be applicable to Rupee IRD transactions undertaken in the over-the-counter (OTC) market and on recognised stock exchanges in India. Forward Contracts in Government Securities shall be undertaken in the OTC market in terms of the Reserve Bank of India (Forward Contracts in Government Securities) Directions, 2025, dated February 21, 2025. Who are eligible participants in IRD markets? Resident Non-resident, through its central treasury or its group entity, where applicable.  What are the directions on trading of IRDs on recognised stock exchanges? A recognised stock exchange is per...
Post a Comment
Read more

Export / Import of Currency and Possession / Retention of Foreign Currency

Reserve Bank of India (RBI) has updated the guidelines on export and import of currency. What are the guidelines on export and import of Indian currency? Transferor Transfer from Transfer to Nature of currency Maximum limit Person resident in India India Countries other than Nepal and Bhutan Currency notes of Government of India (GoI) and RBI notes ₹25000 per person Commemorative coins 2 coins Person resident in India gone out of India on temporary visit, on his return Countries other than Nepal and Bhutan India Currency notes of GoI and RBI notes ₹25000 per person Person resident outside India (not citizen of Pakistan / Bangladesh) visiting India India Any country Currency notes of GoI and RBI notes ₹25000 per person Any country India Person (not citizen of Pakist...
Post a Comment
Read more

National Strategy for Financial Inclusion (NSFI) 2025-30

Reserve Bank of India (RBI) has published National Strategy for Financial Inclusion (NSFI) 2025-30. Financial Inclusion The Committee on Financial Inclusion (Chairman: Dr C Rangarajan, RBI, 2008) defined financial inclusion as “the process of ensuring access to financial services, timely and adequate credit for vulnerable groups such as weaker sections and low-income groups at an affordable cost”. The Committee on Medium-Term Path to Financial Inclusion (Chairman: Shri Deepak Mohanty, RBI, 2015) viewed financial inclusion as, “convenient access to a basket of basic formal financial products and services that should include savings, remittance, credit, government-supported insurance and pension products to small and marginal farmers and low income households at reasonable cost with adequate protection progressively supplemented by social cash transfers, besides increasing the access of small and marginal enterprises to formal finance with a greater reliance on technology to cut costs an...
Post a Comment
Read more

RBI’s Monetary Policy (December 05, 2025): In A Nutshell

The bi-monthly monetary policy of Reserve Bank of India (RBI) was announced on December 05, 2025. Here are some of the highlights of the monetary policy announcement. Rates   Change Rate Policy repo rate Reduced by 25 bps 5.25% Standing deposit facility (SDF) rate 5.00% Marginal standing facility (MSF) rate 5.50% Bank rate 5.50% Monetary policy stance Monetary policy stance unchanged as ‘neutral’. Domestic Economy  Real Gross Domestic Product (GDP) growth accelerated to 8.2% in Q2, buoyed by strong spending during the festive season which was further facilitated by the rationalisation of the goods and services tax (GST) rates.  Real GDP growth for 2025-26 is projected at 7.3%. For the first time since the adoption of flexible inflation targeting (FIT), average headline inflation for a quarter at 1.7% in Q2, breached the lower tolerance threshold (2%) of the inflation target (4%). It dipped further to an all-time low of 0.3% in October 2025. The underlying inflation pressu...
Post a Comment
Read more

What are ‘Significant Benchmarks’?

Reserve Bank of India (RBI) has notified Modified Mumbai Interbank Forward Outright Rate (MMIFOR) administered by FBIL as a ‘significant benchmark’. What are Financial Benchmarks? Financial Benchmarks mean prices, rates, indices, values or a combination thereof related to financial instruments that are calculated periodically and used as a reference for pricing or valuation of financial instruments or any other financial contract. What is ‘Significant Benchmark’? ‘Significant benchmark’ means any benchmark notified by Reserve Bank of India (RBI) as a ‘significant benchmark’ under Financial Benchmark Administrators (Reserve Bank) Directions, 2019. RBI notifies a benchmark as a ‘significant benchmark’ taking into consideration its use, efficiency and relevance in domestic financial markets. Who is Financial Benchmark Administrator? Financial Benchmark Administrator (FBA) means a person who controls the creation, operation and administration of ‘significant benchmarks’ in the markets for ...
Post a Comment
Read more