The RBI on Thursday said that it has decided to come out with a new framework for authentication of digital payment transactions and introduce additional norms to enhance the security of the Aadhaar Enabled Payment System (AePS).
Over the years, the Reserve Bank has prioritised security of digital payments, in particular the requirement of Additional Factor of Authentication (AFA). Although the RBI has not prescribed any particular AFA, the payments ecosystem has largely adopted SMS-based One Time Password (OTP). With innovations in technology, alternative authentication mechanisms have emerged in recent years.
“To facilitate the use of such mechanisms for digital security, it is proposed to adopt a principle-based ‘Framework for authentication of digital payment transactions’. Instructions in this regard will be issued separately,” the RBI said.
To enhance the security of AePS transactions, it is proposed to streamline the onboarding process, including mandatory due diligence, for AePS touchpoint operators, to be followed by banks. Additional fraud risk management requirements will also be considered. Instructions in this regard shall be issued shortly, the RBI said.
Aadhaar Enabled Payment System, operated by NPCI, enables customers to perform digital payment transactions in assisted mode. In 2023, more than 37 crore users undertook AePS transactions, which points to the important role played by AePS in financial inclusion.
