India’s central bank on Thursday issued final guidelines for authentication mechanisms in digital payment transactions, aiming to bolster security and encouraging innovation in fraud prevention.
The Reserve Bank of India said the new framework, effective April 1, 2026, allows issuers to adopt additional risk-based checks beyond the mandatory two-factor authentication, depending on a transaction’s fraud risk.
The directions promote the use of emerging technologies for authentication without phasing out SMS-based one-time passwords.
They also mandate that card issuers validate additional authentication for non-recurring, cross-border, card-not-present transactions when requested by overseas merchants or acquirers.
The RBI, which released draft guidelines in July 2024 and February 2025, said public feedback has been incorporated into the final version.