RBI plans to do away with OTP based authentication. What we know so far
Reserve Bank of India (RBI) is set to do away with the OTP (one time password) based authentication. As of now, the banking regulator has not issued any detailed guidelines. The plan has been shared in a Statement on Development and Regulatory Policies released on Feb 8 on the RBI's website.
The RBI proposed to adopt a principle-based "Framework for authentication of digital payment transactions". The instructions in this regard will be issued separately, the RBI's statement reads. As of now, whenever we carry out a financial transaction digitally, the fintech firm or bank invariably send an OTP as an additional factor of authentication on the mobile number linked to the account.
And only after entering the same OTP, the transaction is allowed to complete. This AFA is a key step to ensure safety of bank accounts and prevent misuse of financial data obtained illegitimately. In fact, RBI has not expressed any desire to phase out authentication process completely but only the process of AFA (additional factor of authentication).
“Though RBI has not prescribed any particular AFA, the payments ecosystem has largely adopted SMS-based one-time password (OTP). With innovations in technology, alternative authentication mechanisms have emerged in recent years. To facilitate the use of such mechanisms for digital security, it is proposed to adopt a principle-based "Framework for authentication of digital payment transactions," reads the statement.
In the same document, the RBI has proposed to streamline the onboarding process of Aadhaar enabled payment system (AePS) for AePS touchpoint operators to be followed by banks. Additional fraud risk management requirements will also be considered. ALSO READ: How Reserve Bank of India plans
. Read more on livemint.com
