RBI Brings Risk-Based Checks in Fresh Digital Payments Guidelines: What You Should Know?

The Reserve Bank of India (RBI) has unveiled its final guidelines for digital payment transaction authentication. These guidelines, effective from April 1, 2026, aim to enhance security and foster innovation in fraud prevention. The framework allows issuers to implement extra risk-based checks beyond the compulsory two-factor authentication, based on the transaction's fraud risk.

These new directions encourage the use of advanced technologies for authentication while retaining SMS-based one-time passwords. Additionally, card issuers are required to validate extra authentication for non-recurring, cross-border, card-not-present transactions when requested by international merchants or acquirers.

Focus on Security and Innovation

The RBI's initiative is designed to strengthen security measures in digital payments. By allowing issuers to adopt additional checks based on risk assessment, the framework aims to reduce fraudulent activities. This approach not only enhances security but also encourages innovation in fraud prevention techniques.

Draft guidelines were initially released in July 2024 and February 2025. The RBI has incorporated public feedback into the final version of these guidelines. This collaborative approach ensures that the framework addresses concerns from various stakeholders while maintaining robust security standards.

Maintaining Traditional Methods

Despite the push for new technologies, SMS-based

one-time passwords will continue to be a part of the authentication process. This decision reflects a balance between embracing innovation and maintaining tried-and-tested methods that users are familiar with.

The guidelines also address specific scenarios such as non-recurring and cross-border transactions. For these cases, additional authentication measures are mandated when requested by overseas merchants or acquirers. This requirement aims to safeguard international transactions against potential fraud risks.

The RBI's comprehensive approach highlights its commitment to securing digital payment systems while promoting technological advancements. By setting clear guidelines and incorporating public input, the central bank seeks to create a secure and innovative environment for digital transactions in India.