RBI Proposes New Ways to Secure Digital Payments in India
The Reserve Bank of India (RBI) has released a draft framework to improve the security of digital payments by introducing alternative authentication methods to supplement the existing SMS-based OTP system.
Key Points of the Draft Framework
The RBI noted that while the SMS-based OTP system is effective, technological advancements have made alternative methods available. The draft framework discusses the Additional Factor of Authentication (AFA), which involves using more than one factor to authenticate a payment instruction.
Customer Consent and Deregistration
The draft specifies that issuers must obtain explicit consent from customers before enabling any new authentication factor. Customers should also have the option to deregister from using the new authentication method.
Dynamic Authentication Factors
All digital payment transactions, except card-present transactions, must ensure that one of the authentication factors is dynamically created, specific to the transaction, and cannot be reused.
Real-Time Alerts
Issuers must have a system to alert customers in near real-time for all eligible digital payment transactions.
Prohibition of Exclusive Arrangements
The draft prohibits transaction issuers from entering into exclusive arrangements with any Payment Service Provider or Technology Service Provider, which could limit their ability to implement alternative authentication solutions.
Proposed E-Mandates
The RBI has proposed e-mandates for recurring transactions in mutual funds, insurance premiums, and credit card bill payments for values up to Rs 1 lakh, and for all other categories for values up to Rs 15,000.
Exemptions
Small-value card-present transactions up to Rs 5,000 per transaction in contactless mode at Point of Sale (PoS) terminals are exempt from the AFA requirement.
The central bank has invited comments and feedback on the draft framework until September 15, 2024. The proposed alternative authentication mechanisms aim to provide more choices for authentication factors to Payment System Operators and users.
Doubts Revealed
RBI: RBI stands for the Reserve Bank of India. It is the central bank of India, which means it controls the money supply and helps keep the country’s economy stable.
Digital Payments: Digital payments are ways to pay for things using electronic methods, like using a phone app or a card, instead of cash.
SMS-based OTP: SMS-based OTP means getting a one-time password (OTP) sent to your phone through a text message (SMS) to confirm a payment.
Authentication: Authentication is a way to make sure that the person making a payment is really who they say they are, like using a password or fingerprint.
Customer Consent: Customer consent means that the customer agrees to something, like using a new way to pay, after being fully informed about it.
Deregister: Deregister means to remove or cancel your registration or agreement to use a service.
Real-time Alerts: Real-time alerts are instant notifications you get, like a message on your phone, to tell you about something that just happened, like a payment.
Service Providers: Service providers are companies that offer services, like phone companies or banks, that help you make digital payments.
E-mandates: E-mandates are electronic permissions you give to automatically pay for things regularly, like a monthly subscription.
Recurring Transactions: Recurring transactions are payments that happen regularly, like every month, without you having to do anything each time.
Contactless Transactions: Contactless transactions are payments you make by just tapping your card or phone on a machine, without needing to enter a PIN or sign anything.