Not OTP, RBI proposes new verification mode for digital payments

The Reserve Bank of India (RBI) on Thursday said that it will float a new way to verify digital payments other than One Time Passwords (OTP). The central bank over the years has given priority to the security of digital payments, in particular the requirement of an Additional Factor of Authentication (AFA). Though RBI has not recommended any particular AFA, the payment mediums have largely adopted SMS-based One Time Passwords (OTP). But now, RBI wants to look into new ways to authenticate online transactions. 

Speaking during the monetary policy statement address, RBI Governor Shaktikanta Das said: "With innovations in technology, alternative authentication mechanisms have emerged in recent years. To facilitate the use of such mechanisms for digital security, it is proposed to adopt a principle-based “Framework for authentication of digital payment transactions”. Instructions in this regard will be issued separately."

The central bank plans to issue comprehensive guidelines separately that will delineate the specifics of this fundamentally based authentication framework. At present, for Unified Payment Interface (UPI) transactions, banks typically require an OTP for authentication purposes. However, the OTP system is not foolproof. According to the finance ministry records, India reported over 95,000 cases of UPI fraud in the 2022-23 fiscal. 

The cases of digital crime are rising at an alarming rate, which have compelled the central bank to augment their security measures beyond the standard SMS-based One-Time Password (OTP) system. 

Last week, RBI disclosed that the Reserve Bank of India’s (RBI) Digital Payments Index, a measure of the extent of digitisation of payments across the country, increased to 418.77 in September 2023 from 395.57 in March 2023. 

“The RBI-DPI index has increased across all parameters and was driven particularly by growth in payment enablers, payment performance, and consumer centricity across the country over the period,” the central bank said in a release.

The RBI-DPI comprises five broad parameters that measure the penetration of digital payments in the country over different time periods.

These parameters include Payment Enablers (weight 25 per cent), Payment Infrastructure – Demand-side factors (10 per cent), Payment Infrastructure – Supply-side factors (15 per cent), Payment Performance (45 per cent), and Consumer Centricity (5 per cent).

Also read: Why action was taken against Paytm Payments Bank? Here's what the RBI said

Also read: RBI MPC meet: Central bank maintains status quo, keeps repo rate unchanged at 6.5%