India's RBI mandates two-factor authentication for all digital payments

Economic Times
Change
India's RBI required, effective April 1, that all digital transactions use two-factor authentication with at least one dynamic element such as a one-time password, biometric verification, or device-based authentication.
India's RBI mandates two-factor authentication for all digital payments
Why it matters
Single-factor SMS-based verification will no longer meet compliance and payment flows relying only on static or single-step checks must be upgraded. Payment platforms must adopt risk-based, adaptive checks and integrate support for dynamic secondary authentication methods.
Implications
  • Mobile wallets and payment aggregators' engineering teams must update checkout flows to capture and verify a dynamic second factor before completing transactions.
  • Card issuers' and acquirers' transaction risk teams must implement Additional Factor of Authentication for card-not-present cross-border transactions and adjust authorization routing to enforce compliance.

Unlock the decision layer.

See what the change means — implications, exposure, timing — and ask AI about any brief instantly.

  • Implications: What actually changes downstream.
  • Who is affected: Which teams or operators are exposed.
  • What to watch: Deadlines, triggers, and next moves.
  • Ask AI: Clarify any brief instantly, in context.

14-day free trial. Full access. No credit card required.

Start free trial
Source

Economic Times

Topics

Financial Services Fintech & Payments

Stay updated

Don’t check for changes.
Get them as they happen.

Get real-time alerts for executed changes, a daily briefing of what matters, and a weekly summary to stay on top — without having to check constantly.

Start free trial

14-day free trial. Full access. No credit card required.