India's RBI mandates two-factor authentication for all digital transactions

Economic Times
Change
India's RBI requires two-factor authentication for all digital transactions effective April 1, mandating that each transaction include at least one dynamic element such as a one-time password, biometric verification, or device-based authentication.
India's RBI mandates two-factor authentication for all digital transactions
Why it matters
Payment systems can no longer rely on single-factor, SMS-only verification as a sufficient control, raising the operational bar for authentication flows. Engineering, vendor-integration, and compliance work must be completed to prevent increased transaction rejections and regulatory non-compliance.
Implications
  • Retail banks' digital payments and fraud teams must implement and validate non-SMS second-factor methods in production or face increased declined transactions and compliance violations.
  • Mobile wallet and payment-app providers' engineering and compliance teams must integrate biometric or device-based authentication and update customer flows or incur transaction rejections.

Unlock the decision layer.

Go beyond headlines — see impact, exposure, and timing.

  • Implications: What actually changes downstream.
  • Who is affected: Which teams or operators are exposed.
  • What to watch: Deadlines, triggers, and next moves.
  • Real-time alerts: Know the moment a change is published.
  • Ask AI: Clarify any brief instantly, in context.

14-day free trial. Full access. No credit card required.

Start free trial
Source

Economic Times

Topics

Regulatory Actions Compliance Financial Services Fintech & Payments

Stay updated

Don’t check for changes.
Get them as they happen.

Get real-time alerts for executed changes, a daily briefing of what matters, and a weekly summary to stay on top — without having to check constantly.

Start free trial

14-day free trial. Full access. No credit card required.