The Reserve Bank of India (RBI) has introduced a draft framework for “Alternative Authentication Mechanisms for Digital Payment Transactions” to enhance the security of digital payments.
- The RBI aims to improve the security of digital payment transactions by introducing alternative methods for authentication beyond the traditional SMS-based One-Time Password (OTP).
About Alternative Authentication Mechanisms:
- All digital payment transactions must be authenticated using an additional factor of authentication (AFA), unless otherwise specified.
- For all transactions other than card-present transactions, one of the authentication factors must be dynamically created. This means:
- The factor is generated post–initiation of payment.
- It is specific to the transaction and cannot be reused.
- The framework is applicable to all Payment System Providers and Payment System Participants as defined in the Payment and Settlement Systems (PSS) Act, 2007.
Risk-Based Methodology:
- Issuer Responsibilities: Banks and non-banks can use a risk-based approach to determine the appropriate AFA, considering factors like transaction value, origination channel, and customer risk profiles.
- Customer Notification: Issuers are required to notify customers of eligible digital payment transactions almost instantly.
Categories of Authentication Factors:
- Something the user knows: Examples include passwords, passphrases, and Personal Identification Numbers (PINs).
- Something the user has: Includes hardware or software tokens.
- Something the user is: Encompasses biometric identifiers such as fingerprints.
Ref: Source
| UPSC IAS Preparation Resources | |
| Current Affairs Analysis | Topperspedia |
| GS Shots | Simply Explained |
| Daily Flash Cards | Daily Quiz |
Frequently Asked Question:
What is the main objective of the RBI’s introduction of the draft framework for “Alternative Authentication Mechanisms for Digital Payment Transactions”?
The main objective is to enhance the security of digital payment transactions by introducing alternative methods for authentication beyond the traditional SMS-based One-Time Password (OTP).
What does AFA stand for, and what is its relevance in digital payment transactions according to the new RBI framework?
AFA stands for Additional Factor of Authentication. It is crucial for authenticating all digital payment transactions, ensuring they are secure and specific to the transaction, and cannot be reused.
According to the RBI’s framework, what are the categories of authentication factors?
The categories of authentication factors include something the user knows (like passwords or PINs), something the user has (such as hardware or software tokens), and something the user is (like biometric identifiers such as fingerprints).
How does the RBI suggest issuers implement a risk-based methodology for determining appropriate AFA?
Issuers, such as banks and non-banks, are suggested to use a risk-based approach to determine the appropriate AFA, considering factors like transaction value, origination channel, and customer risk profiles.
What responsibilities do issuers have regarding customer notifications under the new framework?
Issuers are required to notify customers of eligible digital payment transactions almost instantly, ensuring transparency and security.