The Reserve Bank of India (RBI) has introduced a new Framework on Alternative Authentication Mechanisms for Digital Payment Transactions to bolster online payment security. This initiative emphasises the importance of Additional Factor of Authentication (AFA) in protecting digital transactions.
Current Authentication Practices
AFA involves using multiple factors to verify payment instructions. Traditionally, SMS-based One-Time Passwords (OTPs) have been the most common method for AFA in digital payments. However, advancements in technology have led the RBI to explore alternative authentication methods.
RBI’s New Framework
On July 31, 2024, the RBI announced the new framework, which underscores the need for AFA while recognizing the potential of other technological solutions to enhance security. The framework divides authentication factors into three types:
1. Knowledge-based: Information known to the user, such as passwords, passphrases, or PINs.
2. Possession-based: Items the user possesses, such as hardware or software tokens.
3. Inherence-based: Attributes unique to the user, such as fingerprints or other biometrics.
Risk-Based Authentication
The framework allows issuers, including banks and non-banks, to use a risk-based approach to determine the appropriate AFA for each transaction. Considerations include transaction value, origination channel, and the risk profiles of the customer and beneficiary. Issuers must promptly notify customers of eligible digital payment transactions.
Exemptions to AFA Requirements
Certain low-risk transactions are exempt from AFA requirements under the new framework. These include:
1. Small-value contactless card payments up to ₹5,000 at Point of Sale (PoS) terminals.
2. E-mandates for recurring transactions in specific categories and limits, such as:
- Mutual fund subscriptions up to ₹1 lakh
- Insurance premium payments
- Credit card bill payments
- Other e-mandates up to ₹15,000
3. Utility payments made with specific types of prepaid instruments, namely those designated for mass transit and gift purposes.
4. Transactions within the National Electronic Toll Collection (NETC) System.
Technological Advancements and Future Directions
During its February Monetary Policy Committee (MPC) meeting, the RBI acknowledged the rise of alternative authentication methods driven by technological advancements. The need for a principle-based framework to authenticate digital payment transactions effectively is becoming increasingly clear.