New Authentication Norms From April 2026
The new framework retains SMS OTPs while allowing issuers to deploy risk-based security checks.
In a move to ensure payment security, the Reserve Bank of India (RBI) issued its final guidelines on authentication mechanisms for digital transactions on Thursday.
The guidelines will aim to strengthen security while encouraging technological innovation to prevent fraud. The new framework, effective April 1, 2026, allows issuers to implement additional risk-based checks beyond the standard two-factor authentication, depending on the fraud risk associated with each transaction.
RBI tightens rules on card transactions
While the RBI directive encourages the adoption of emerging technologies for authentication, it also emphasises the continuation of SMS-based one-time passwords (OTPs).
A key point in the directive is that card issuers will now be required to validate additional authentication for non-recurring, cross-border, card-not-present (CNP) transactions if requested by overseas merchants or acquirers.
Fraud-prevention framework
The central bank had released draft guidelines in July 2024 and February 2025, seeking stakeholder feedback. It added key suggestions to the final version after examining the responses. The framework also emphasizes interoperability, issuer accountability, and broader access to advanced authentication tools.
For updates and corrections, email newsroom[at]stocktwits[dot]com.
The most relevant Indian markets intel delivered to you everyday.