New Delhi
Digital payments in India will become more secure starting April 1, 2026, as the Reserve Bank of India introduces stricter authentication rules, making transactions safer but slightly more time-consuming.
Under the new guidelines issued by the Reserve Bank of India, two-factor authentication will be mandatory for all online transactions, including payments made through UPI, debit and credit cards, and mobile wallets. This marks a significant shift from the current system, where one-time passwords are often sufficient to complete transactions.
With the revised framework, users will be required to undergo at least two layers of verification. In addition to OTP, this could include a PIN, password, biometric authentication, or a secure token. The move is aimed at addressing growing concerns over digital fraud, particularly phishing attacks and SIM swap scams, where OTP-based systems have been exploited by cybercriminals.
The central bank’s decision comes in response to the rising number of unauthorised transactions reported across the country. By introducing an additional security layer, the regulator aims to enhance user trust and safeguard financial data in an increasingly digital economy.
For consumers, the changes may result in slightly longer transaction times, especially when using new devices or conducting high-value payments. However, officials have indicated that routine transactions on trusted devices will remain relatively seamless, ensuring convenience is not significantly compromised.
A notable feature of the new system is its risk-based approach. The level of authentication required will vary depending on the nature, value, and behavioural patterns associated with each transaction. This adaptive mechanism is designed to strike a balance between security and user experience.
In addition, the new rules place greater accountability on banks and payment service providers. In cases where fraud occurs due to lapses in their systems, financial institutions may be required to compensate affected customers. This provision is expected to improve grievance redressal and encourage stronger cybersecurity measures across the sector.
The Reserve Bank of India has also indicated that similar authentication requirements will be extended to international transactions, including cross-border card payments. Full implementation of these norms is scheduled by October 2026, marking a major step forward in strengthening India’s digital payment ecosystem.