The RBI released a draft circular proposing an Alternative Factor Authentication for all transactions in a move to prioritise security of digital payments, according to its statement on July 31.
The draft circular mentioned the principles for authenticating digital payments. It added that an additional factor of authentication was mandatory, must be robust and one of them be dynamically created, that is a factor is generated and can be used only once. In addition to these, the banking regulator also said the kind of factor should be determined based on a host of parameters including a risk profile of the customer and transaction value among others. The RBI has also mandated compulsory customer consent before a new factor of authentication in addition to choice to withdraw consent and deregister.
Contactless cards with a value lower than ₹5000 per transaction, insurance premium, credit card payments above ₹1,00,000 and any other categories up to ₹15,000 are exempted from the proposal. Comments and feedback from stakeholders are kept open till September 15.