RBI Introduces Two-Factor Verification for Online Payments
The Reserve Bank of India (RBI) is introducing two-factor verification for online payments starting April 1st. These new measures aim to enhance security by requiring dual authentication methods and combating rising cyber-attacks. All digital transaction channels will be affected, with a later date for international transactions.
Highlights
- •RBI mandates two-factor verification for all online payments
- •Risk-Based Authentication (RBA) increases scrutiny on large or suspicious transactions
- •Implementation spans UPI, card, net banking, and PPIs immediately
- •International transactions subject to delayed regulation starting October 2026
The new financial year, starting on April 1st, marks the implementation of significant changes in digital payments. The Reserve Bank of India (RBI), as the regulatory body overseeing all banking activities, imposes stringent measures to enhance security and protect consumers from fraud.
Enhancing Security with Two-Factor Verification
In line with these developments, every online payment transaction will require verification through at least two distinct methods. The RBI's new framework underscores the importance of a dynamic verification process. This could include biometric factors such as fingerprints or facial recognition alongside traditional forms like mobile PINs and UPI PINs.
While small transactions may continue to be subject to lower scrutiny, large or suspicious payments will require strict validation procedures, a practice often referred to as Risk-Based Authentication. For now, users have relied on just One-Time Passwords (OTPs) and Personal Identification Numbers (PINs). However, the upcoming changes mandate a more robust system.
These measures are in response to the increasing instances of cyber-attacks and fraudulent activities. According to recent reports, digital payments are witnessing rapid growth, but this has also come with an uptick in financial crimes. The traditional SMS-based OTP is no longer considered secure enough for modern security demands.
The new regulations will be applicable across all forms of digital payment channels including UPI, card transactions, net banking, and prepaid payment instruments (PPIs). However, international transactions conducted through online platforms are subject to a later implementation date starting October 1, 2026. These changes aim to reduce phishing incidents and unauthorized transactions, making the digital payments landscape more secure for all users.
The impact of this move is significant, as all users will now be required to adhere to these stringent verification protocols, with no exceptions or exemptions available.
