 "Monetary policy: New rules for verification of digital payments on cards")
The Reserve Bank of India (RBI) on Thursday proposed to adopt a principle-based framework for authentication of digital payment transactions to promote alternative mechanisms other than the popular SMS-based One Time Passwords (OTP).
Speaking during the monetary policy statement address, RBI Governor Shaktikanta Das said although the central bank had not specified any particular Additional Factor of Authentication (AFA) mechanism, SMS-based OTP has become very popular.
However, in recent years, with technological advancements, alternative authentication mechanisms have emerged and in order to aid in their adoption, RBI has proposed to constitute a principle-based framework for the same, he said.
“Therefore, to facilitate adoption of alternative authentication mechanisms for enhancing the security of digital payments, it is proposed to put in place a principle-based framework for authentication of such transactions,” Das said.
The central bank also suggested streamlining the “onboard process” of Aadhaar Enabled Payment System (AePS) service providers and called for introduction of additional fraud risk management measures which will strengthen the security of the system while enhancing its robustness.
According to RBI, in 2023, more than 37 crore users undertook AePS transactions, highlighting the importance played by the segment in financial inclusion.
More From This Section
“To enhance the security of AePS transactions, it is proposed to streamline the onboard process, including mandatory due diligence, for AePS touchpoint operators, to be followed by banks. Additional fraud risk management requirements will also be considered,” RBI said in a statement.
The banking regulator said that the instructions regarding AePS will be issued shortly. Both these measures are expected to help in controlling the frauds in the system.
“The new framework for digital payment authentication together with more stringent due diligence requirements for Aadhar Enabled Payment Systems will help curtail fraud risk,” said Zarin Daruwala, Cluster CEO, India and South Asia markets (Bangladesh, Nepal and Sri Lanka), Standard Chartered Bank.
According to experts, this move to adopt alternative ways is expected to nudge both innovation and enhance security in the area of digital transactions.
“This move will promote innovation in the area of digital payments. It remains to be seen which alternatives can prove to be viable in the long-run. The SMS-based OTP, while necessary and useful, has added a layer of friction for those transactions that require an additional factor of authentication when compared with transactions that do not, the most key among the latter being payments via Wallet instruments,” said Shivaji Thapliyal, Head of Research and Lead Analyst, Yes Securities.
According to Ankit Ratan, CEO & Co-founder at Signzy, the trust in the digital ecosystem is affected by the rising financial cybercrimes with nearly 1.1 million cases of frauds amounting to Rs 7488.6 crore being registered in 2023.
“By adopting a principle-based framework for authentication, businesses not only curb the financial frauds but will also be able to provide a secure environment for its customers and protect their data,” Ratan added.
During the post monetary policy press meet, Governor Das noted that, “OTP is not being reviewed. With the movement of time, various other technologies and methods have come up. We just want to tell the players that there are other methods also and RBI will be agnostic to them. As long as they are sound methods banks and institutions are free to adopt them.”