The Reserve Bank of India has tabled a new draft of Framework on Alternative Authentication Mechanisms for Digital Payment Transactions, focussing on various authentication forms required while making payments online. The central bank has made digital payments security its top priority. This decision was prompted by the emphasis on the need for Additional Factor of Authentication (AFA) when carrying out payment transactions. It is important to note that authentication processes previously did not have any specific criteria in place.
Also Read– Sovereign Gold Bonds: Investors would fetch 12% returns from next set of redemption on Aug 5
Authentication Factor Aggregation (AFA) refers to the utilisation of multiple factors to verify a payment instruction. In the present digital payment landscape, the prevalent method of AFA involves the use of SMS-based One-Time Passwords (OTPs).
The RBI in a press release issued on July 31, 2024, said, “The Reserve Bank of India has prioritised security of digital payments, in particular the requirement of Additional Factor of Authentication (AFA) for making payments. No specific factor was mandated for authentication, but the digital payments ecosystem has primarily adopted SMS-based OTP as AFA. While OTP is working satisfactorily, technological advancements have made available alternative authentication mechanisms.”
The central bank further said: “Any credential input by the customer which is verified for the purpose of confirming the originator of a payment instruction. The factors of authentication are broadly categorised as below:
> Something the user knows (such as password, passphrase, PIN)
> Something the user has (such as card hardware or software token)
> Something the user is (such as fingerprint or any other form of biometrics)
Unless otherwise specified in this framework, all digital payment transactions will be verified through the use of an additional factor of authentication (AFA).
As per the RBI draft, when determining the proper AFA for a transaction, issuers such as banks, non banks can use a risk-based methodology that takes into account the transaction value, origination channel, customer and/or beneficiary risk profiles, among other factors. Issuers must have a mechanism in place to notify customers of any eligible digital payment transactions almost instantly.
Read More: PNB Hikes Lending Rate By 5 Bps Across Tenors, Loans To Get Costlier
According to the draft framework by the RBI, small-value contactless card payments, e-mandates for recurring transactions, utility payments through select prepaid instruments, and small-value digital payments in offline mode are not subject to AFA requirements
Small value card present transactions for values upto Rs 5000/- per transaction in contactless mode at Point of Sale (PoS) terminals.
E-mandates for recurring transactions beyond the initial payment are permissible for the following categories and transaction limits:
a) Mutual fund subscription: Up to Rs 1,00,000.
b) Insurance premium payments.
c) Credit card bill payments.
For all other transaction categories, e-mandates are allowed for values up to Rs 15,000.
Utility through select Prepaid Instruments / NETC:
The following categories of instruments/systems: Prepaid Instruments (PPIs) issued under PPI – Mass Transit Service and Gift PPIs.
Transactions in the National Electronic Toll Collection (NETC) System
Read More: 7th Pay Commission: Central Govt Employees Likely To Get 3% DA Hike in September, Check Details
In its February MPC meeting, the central bank had mentioned that over the recent years, there has been a rise in alternative authentication methods due to technological advancements. Consequently, there is an increasing requirement to implement a principle-driven structure for authenticating digital payment transactions.
RBI Governor Shaktikanta Das said: “With innovations in technology, alternative authentication mechanisms have emerged in recent years. To facilitate the use of such mechanisms for digital security, it is proposed to adopt a principle-based “Framework for authentication of digital payment transactions”. Instructions in this regard will be issued separately.”
The central bank said it would issue comprehensive guidelines separately that will delineate the specifics of this fundamentally based authentication framework.
For more news like this visit Officenewz.com
