RBI Proposes New Framework On Additional Factor Of Authentication For Digital Payments

Share via:


SUMMARY

The central bank’s draft “Framework on Alternative Authentication Mechanisms for Digital Payment Transactions” aims to widen the choice of authentication factors available to payment system operators and users

The RBI has proposed that all digital payment transactions, other than card present transactions, ensure that one of the factors of authentication is created dynamically

The RBI has sought comments and feedback on the draft framework by September 15, 2024

The Reserve Bank of India (RBI) has proposed alternate methods of additional factor of authentication (AFA) for digital transactions, including PIN, passwords, cards, and biometrics such as fingerprints, among others.

The central bank’s draft “Framework on Alternative Authentication Mechanisms for Digital Payment Transactions” released on Wednesday (July 31) aims to widen the choice of authentication factors available to payment system operators and users. 

“Over the years, the Reserve Bank of India has prioritised security of digital payments, in particular the requirement of Additional Factor of Authentication (AFA) for making payments. No specific factor was mandated for authentication, but the digital payments ecosystem has primarily adopted SMS-based OTP as AFA. While OTP is working satisfactorily, technological advancements have made available alternative authentication mechanisms,” said the RBI.

An AFA requires the use of more than one factor for authentication of a payment instruction.

The release of the draft framework is in line with the central bank’s announcement in February to adopt a principle-based “Framework for authentication of digital payment transactions” for digital security.

The central bank terms any credential input by the customer that is verified for the purpose of confirming the originator of a payment instruction as the factor of authentication. These factors are broadly categorised as something the user knows (such as password, passphrase, PIN), something the user has (such as card hardware or software token), and something the user is (such as fingerprint or any other form of biometrics).

The central bank has proposed that all digital payment transactions, other than card present transactions, ensure that one of the factors of authentication is created dynamically. This means that the factor should be generated after initiation of payment, be specific to the transaction, and cannot be reused.

It said that the issuers –  bank or non-bank where the customer’s account is maintained – can decide the appropriate AFA for a transaction based on the risk profile of the customer and/ or beneficiary, transaction value, channel of origination, among others.

The following transactions will be exempted from customer authentication: 

  • Small value card present transactions for values up to INR 5,000 per transaction in contactless mode at point-of-sale (PoS) terminals. 
  • Transactions in respect of subscription to mutual funds, payment of insurance premiums, and credit card bill payments up to certain values 
  • Digital toll payments
  • Offline payment transactions up to a value of INR 500

The RBI has sought comments and feedback on the draft framework by September 15, 2024.

“All Payment System Providers and Payment System Participants (banks and non-banks) shall ensure compliance with this framework within three months from the date of issue of these directions,” the central bank said.

The development comes at a time when the number of digital transactions as well as digital frauds are on the rise in the country. A recent report by Amazon Pay said that Indian merchants process 69% of their transactions via digital payments. Meanwhile, the central bank said in its annual report that the number of online frauds in the country surged 334% year-on-year to 29,082 in FY24.

Earlier today, the RBI also proposed tighter norms for Aadhaar-enabled Payment System (AePS) touchpoint operators to curb frauds.





Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

RBI Proposes New Framework On Additional Factor Of Authentication For Digital Payments


SUMMARY

The central bank’s draft “Framework on Alternative Authentication Mechanisms for Digital Payment Transactions” aims to widen the choice of authentication factors available to payment system operators and users

The RBI has proposed that all digital payment transactions, other than card present transactions, ensure that one of the factors of authentication is created dynamically

The RBI has sought comments and feedback on the draft framework by September 15, 2024

The Reserve Bank of India (RBI) has proposed alternate methods of additional factor of authentication (AFA) for digital transactions, including PIN, passwords, cards, and biometrics such as fingerprints, among others.

The central bank’s draft “Framework on Alternative Authentication Mechanisms for Digital Payment Transactions” released on Wednesday (July 31) aims to widen the choice of authentication factors available to payment system operators and users. 

“Over the years, the Reserve Bank of India has prioritised security of digital payments, in particular the requirement of Additional Factor of Authentication (AFA) for making payments. No specific factor was mandated for authentication, but the digital payments ecosystem has primarily adopted SMS-based OTP as AFA. While OTP is working satisfactorily, technological advancements have made available alternative authentication mechanisms,” said the RBI.

An AFA requires the use of more than one factor for authentication of a payment instruction.

The release of the draft framework is in line with the central bank’s announcement in February to adopt a principle-based “Framework for authentication of digital payment transactions” for digital security.

The central bank terms any credential input by the customer that is verified for the purpose of confirming the originator of a payment instruction as the factor of authentication. These factors are broadly categorised as something the user knows (such as password, passphrase, PIN), something the user has (such as card hardware or software token), and something the user is (such as fingerprint or any other form of biometrics).

The central bank has proposed that all digital payment transactions, other than card present transactions, ensure that one of the factors of authentication is created dynamically. This means that the factor should be generated after initiation of payment, be specific to the transaction, and cannot be reused.

It said that the issuers –  bank or non-bank where the customer’s account is maintained – can decide the appropriate AFA for a transaction based on the risk profile of the customer and/ or beneficiary, transaction value, channel of origination, among others.

The following transactions will be exempted from customer authentication: 

  • Small value card present transactions for values up to INR 5,000 per transaction in contactless mode at point-of-sale (PoS) terminals. 
  • Transactions in respect of subscription to mutual funds, payment of insurance premiums, and credit card bill payments up to certain values 
  • Digital toll payments
  • Offline payment transactions up to a value of INR 500

The RBI has sought comments and feedback on the draft framework by September 15, 2024.

“All Payment System Providers and Payment System Participants (banks and non-banks) shall ensure compliance with this framework within three months from the date of issue of these directions,” the central bank said.

The development comes at a time when the number of digital transactions as well as digital frauds are on the rise in the country. A recent report by Amazon Pay said that Indian merchants process 69% of their transactions via digital payments. Meanwhile, the central bank said in its annual report that the number of online frauds in the country surged 334% year-on-year to 29,082 in FY24.

Earlier today, the RBI also proposed tighter norms for Aadhaar-enabled Payment System (AePS) touchpoint operators to curb frauds.





Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Trump says he wants to keep TikTok around ‘for...

With a US TikTok ban scheduled to take...

The biggest flops and fizzles in 2024 transportation, from...

Autonomous vehicle technology and electrification startups were once...

Indian edtech unicorn Vedantu cuts losses by 58%

It was supported by a 21% increase in...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!