Read what RBI Governor has to say
RBI Governor Shaktikanta Das said: “Over the years, the Reserve Bank has proactively facilitated introduction of various mechanisms such as Additional Factor of Authentication (AFA) for securing digital payments. While no particular mechanism was specified by the Reserve Bank, SMS-based OTP has become very popular. With technological advancements, however, alternative authentication mechanisms have emerged in recent years. Therefore, to facilitate adoption of alternative authentication mechanisms for enhancing the security of digital payments, it is proposed to put in place a principle-based framework for authentication of such transactions.”
Das noted that detailed instructions outlining the specifics about this principle-based framework will be issued separately.
What is the OTP-based system and why RBI wants to replace it
When you initiate an online transaction, most banks send a one-time password (OTP) via SMS to your registered mobile number. You need to enter this OTP within a specified time limit to authenticate and complete the transaction. This SMS-based authentication technique has become the standard method used by financial institutions over the years.
As digital transactions grow in the country, RBI might want to encourage banks to adopt the latest authentication solutions to enhance security and convenience for customers. While SMS-OTP remains popular, they are not foolproof.
In March 2023, the central bank claimed that more than 95,000 fraud UPI transactions were recorded between 2022 and 2023.
Under the proposed principles, RBI regulated entities might be offered the flexibility to use other modes of authentication.
The proposed principles are expected to encourage other methods like app-based approval and biometric authentication.
The alternative system is also expected to improve the security of digital transactions.