RBI Issues Risk-Based Checks In Fresh Digital Payment Guidelines

The Reserve Bank of India (RBI) has on Thursday, September 25, 2025 issued final guidelines for authentication mechanisms for digital payment transactions. 

Earlier, RBI had issued draft directions on ‘Alternative Authentication Mechanisms for Digital Payment Transactions’ on July 31, 2024 and draft directions on introduction of ‘Additional Factor of Authentication (AFA) in cross-border Card Not Present (CNP)’ transactions on February 07, 2025, for stakeholder comments.

Effective April 1, 2026, the new framework will allow issuers to adopt additional risk-based checks beyond the mandatory two-factor authentication, depending on a transaction's fraud risk.

Also Read: Thinking of Buying a House? Q3 Sales Fall but Prices Still Climb - Why

After having received public feedback on the same, India's apex bank has incorporated it in the final directions.  

• The directions, inter alia, focus on the following: Encouraging introduction of new factors of authentication by leveraging upon technological advancements. The framework, however, does not call for discontinuation of SMS based OTP as an authentication factor.
• Enabling issuers to adopt additional risk-based checks beyond the minimum two-factor authentication based on the fraud risk perception of the underlying transaction.
• Facilitating interoperability and open access to technology
• Delineating the responsibility of Issuers.
• Mandating card issuers to validate AFA in non-recurring cross-border CNP transactions whenever such a request is raised by the overseas merchant or acquirer.
• These directions shall be complied with by April 01, 2026, unless indicated otherwise for any particular direction.