
RBI issues draft norms on alternate validation for digital payments

This story was originally published at 21:34 IST on 31 July 2024

Informist, Wednesday, Jul 31, 2024

 

--RBI issues draft norms on alternate validation for digital payments

--RBI seeks feedback on digital payments validation norms by Sep 15
 

NEW DELHI – The Reserve Bank of India today released a draft framework on alternative authentication mechanisms for digital payment transactions. The central bank had first mooted such a framework after the February monetary policy review. The RBI has sought feedback on the draft norms by Sep 15.

 

The framework will widen the choice of authentication factors available to both users and payment system operators, the RBI said. It had noted in February that the SMS-based one-time password had become the most popular authentication tool.

 

"With innovations in technology, alternative authentication mechanisms have emerged in recent years," the RBI had said in February. "To facilitate the use of such mechanisms for digital security, it is proposed to adopt a principle-based 'Framework for authentication of digital payment transactions'". RBI Deputy Governor T. Rabi Sankar at the time had said that the market should ensure a level playing field for digital payments.

 

The draft framework consolidates authentication-related directions from 21 earlier RBI circulars. The central bank said that digital payment transactions should be validated using eight principles. The first is a mandatory additional factor of authentication, under which more than one authentication factor would be checked. At least one of these factors should be dynamically created, meaning it is unique to a transaction and created after the transaction's initiation.

 

The two factors should come from different categories among the three specified by the norms, to ensure robustness of each transaction, the RBI said. The first category, something the user knows, includes passwords, passphrases or personal identification numbers. The second, something the user has, comprises card hardware or a software token. The third, something the user is, includes fingerprints or other forms of biometric authentication.

 

Issuers of digital payment modes can change the approach to authentication based on the risk profile of the customer, beneficiary, transaction value or channel of origination, among others, the norms said. Once the norms are in place, issuers must obtain explicit permission from the customer before enabling any new factor of authentication, the RBI said. The customer should be able to deregister from such a factor of authentication.

 

Each digital transaction should have a near real-time customer alert system, except for small-value offline transactions, the draft norms said. Issuers of digital payment modes should not enter exclusivity contracts with either a payment or technology service provider that could limit their ability to deploy other authentication methods. Token service providers shall ensure that the device environment supports tokenisation on a non-exclusive basis, for transactions involving tokenised cards.

 

The issuer must ensure the robustness of the technology or process used for authentication, before it is deployed to customers. It will also be liable for any such technology deployed to authenticate digital transactions, the draft norms said.

 

The only exemptions for customer authentication were small value contactless card payments, up to 5,000 rupees, and small value digital payments in offline mode, up to 500 rupees. Other exemptions are for e-mandates for recurring transactions, and for the use of some prepaid instruments and the national electronic toll collection system.

 

Reported by Aaryan Khanna

Edited by Aditya Sakorkar

 


© Informist Media Pvt. Ltd. 2024. All rights reserved.
