Aiming at further strengthening the security of digital transactions, the Reserve Bank of India (RBI) on Wednesday proposed to introduce additional factors of authentication for digital transactions.
In the draft guidelines on ‘Alternative Authentication Mechanisms for Digital Payment’, the central bank asked banks and payment system providers to use an additional factor of authentication which is dynamically created for a specific transaction.
A dynamic factor of authentication means that the password or PIN will be time-sensitive, initiated during the transaction, and cannot be reused. Currently, digital transactions are authenticated by an SMS-based OTP (one-time password).
“All digital payment transactions shall be authenticated with an additional factor(s) of authentication (AFA), unless exempted otherwise in this framework,” said the RBI.
“All digital payment transactions, other than card present transactions, shall ensure that one of the factors of authentication is dynamically created, i.e. the factor is generated after initiation of payment, is specific to the transaction and cannot be reused,” it added.
All payment system providers and payment system participants (banks and non-banks) shall ensure compliance with this framework within three months from the date of issue of these directions, said the banking regulator.
Small value contactless card payments for up to Rs 5,000 at point of sale terminals, e-mandates for recurring transactions, and small value digital payments through offline mode will be excluded from these guidelines.
Experts say these guidelines are aimed at making digital transactions more secure. There have been cases where customers have been tricked into sharing their OTPs, leading to financial loss for them. Since the additional factor of authentication will be dynamic in nature, it will be known only to the real user, lowering the chance of any fraud.
“Issuers shall have a system of alerting the customer in near real time for all eligible digital payment transactions,” said the RBI.