India's RBI mandates two-step verification for digital payments
Payment service providers must enforce two-step verification on all digital payments
Change
India's Reserve Bank of India requires every digital payment to use two-step verification from April 1, mandating at least one dynamic element such as a one-time password, biometric confirmation, or device-based authentication.
Why it matters
Every digital payment must include an additional dynamic authentication element (one-time password, biometric verification, or device-based authentication). Static SMS-only one-time-password flows do not meet the new RBI requirement and must be replaced or augmented.
Implications
- — Payment processors, digital-wallet platforms, card issuers and acquiring banks must implement two-step verification with a dynamic authentication element immediately — failure to be compliant exposes transactions and firms to regulatory non-compliance under RBI rules.
- — Compliance teams at banks and non-bank payment service providers must update authentication controls and document readiness immediately — failing to do so creates supervisory exposure and regulatory action risk.
Unlock the full brief.
- Implications: What this forces you to change — operations, exposure, or compliance.
- Who is affected: Which roles, contracts, and obligations are exposed.
- What to watch: Binding deadlines and enforcement dates.
- Real-time alerts: Delivered the moment a change is published.
- Ask AI: Ask what this means for your specific role.
Source
View on Economic Times