More Stories

Informist, Thursday, Sept. 25, 2025

 

Please click here to read all liners published on this story

--RBI issues framework on authentication mechanism for digital payment norms 
--RBI: Digital payment norms encourage new factors of authentication 
--RBI:Digital payments norms allow risk checks beyond 2-factor authentication 
--RBI:Digital payment norms facilitate interoperability, open access to tech 
--RBI: New digital payment authentication norms effective Apr 1

 

MUMBAI – The Reserve Bank of India Thursday issued directions on a framework for authentication mechanisms for domestic digital payment transactions. The guidelines will take effect Apr. 1. After the RBI's Monetary Policy Committee meeting in February, the central bank in its statement on developmental and regulatory policies had proposed to adopt a principle-based "framework for authentication of digital payment transactions".

 

All payment system providers and payment system participants, including banks and non-bank entities, are expected to comply with directions, the document said. The directions also incorporate instructions for specific cross-border card transactions.

 

All digital payment transactions are to be authenticated by at least two different factors of authentication, unless exempted, the document said. At issuer's discretion, they may offer a choice of authentication factors to their customers but should be in compliance with the RBI's directions. One of the factors of authentication should be dynamically created or proven, the document said. A dynamic authentication is proof of possession of the authentication factor being sent as part of the transaction, which is unique to that transaction.

 

According to internal risk management policies, issuers should identify transactions for evaluation against parameters related to context and behaviour, such as location of the transaction, user behaviour pattern, features of the device being used for the transaction and historical transaction profile, the document said.

 

The guidelines are not applicable to cross-border digital payment transactions, the document said. Along with a risk-based mechanism, card issuers are expected to put in place a mechanism to validate non-recurring, cross-border 'card not present' transactions, wherein requests for authentication is raised by an overseas merchant. For compliance, card issuers are expected to register their bank identification numbers with card networks.  End

 

Reported by Cassandra Carvalho

Edited by Akul Nishant Akhoury

 

For users of real-time market data terminals, Informist news is available exclusively on the NSE Cogencis WorkStation.

 

Cogencis news is now Informist news. This follows the acquisition of Cogencis Information Services Ltd. by NSE Data & Analytics Ltd., a 100% subsidiary of the National Stock Exchange of India Ltd. As a part of the transaction, the news department of Cogencis has been sold to Informist Media Pvt. Ltd.

 

Informist Media Tel +91 (22) 6985-4000

Send comments to feedback@informistmedia.com

 

© Informist Media Pvt. Ltd. 2025. All rights reserved.