A logo of the Reserve Bank of India (RBI) is seen during the Global Fintech Fest in Mumbai. (Photo by Ashish Vaishnav/SOPA Images/LightRocket via Getty Images)

Arnab Paul·Stocktwits

Published Sep 25, 2025 | 5:43 AM GMT-04

Share this article

In a move to ensure payment security, the Reserve Bank of India (RBI) issued its final guidelines on authentication mechanisms for digital transactions on Thursday.

The guidelines will aim to strengthen security while encouraging technological innovation to prevent fraud. The new framework, effective April 1, 2026, allows issuers to implement additional risk-based checks beyond the standard two-factor authentication, depending on the fraud risk associated with each transaction.

RBI tightens rules on card transactions

While the RBI directive encourages the adoption of emerging technologies for authentication, it also emphasises the continuation of SMS-based one-time passwords (OTPs).

A key point in the directive is that card issuers will now be required to validate additional authentication for non-recurring, cross-border, card-not-present (CNP) transactions if requested by overseas merchants or acquirers.

Fraud-prevention framework

The central bank had released draft guidelines in July 2024 and February 2025, seeking stakeholder feedback. It added key suggestions to the final version after examining the responses. The framework also emphasizes interoperability, issuer accountability, and broader access to advanced authentication tools.

For updates and corrections, email newsroom[at]stocktwits[dot]com.

Subscribe to The Daily Rip India

All Newsletters

The most relevant Indian markets intel delivered to you everyday.

Read about our editorial guidelines and ethics policy

Retail Announcements Equities India