RBI Issues New Directions on Authentication Mechanisms for Digital Payments, Effective April 2026
The Reserve Bank of India (RBI) on September 25, 2025, has issued Reserve Bank of India (Authentication Mechanisms for Digital Payments Transactions) Directions, 2025.
RBI had issued draft directions on Alternative Authentication Mechanisms for Digital Payment Transactions on July 31, 2024, and draft directions on the introduction of Additional Factor of Authentication (AFA) in cross-border Card Not Present (CNP) transactions on February 7, 2025, for stakeholder remark.
RBI examined the public reviews and incorporated them into the final directions. The following are the directions that RBI targeted:
- Motivated launches of new factors of authentication by using technological advancements. The framework, however, does not call for discontinuation of SMS-based OTP as an authentication factor.
- Facilitating interoperability and open access to technology.
- Allowing companies to add extra security checks, on top of the basic two-factor authentication, depending on how risky they think a transaction is.
- Compensating card issuers to validate AFA in non-recurring cross-border CNP transactions whenever such a request is asked by the overseas merchant or acquirer.
- Delineating the responsibility of issuers.
Note: These directions will be effective from April 01, 2026.