Topics In Demand
Notification
New

No notification found.

Suggestions to the RBI on the draft Framework for Alternative Factors of Authentication Mechanisms for Digital Payment Transactions, 2024
Suggestions to the RBI on the draft Framework for Alternative Factors of Authentication Mechanisms for Digital Payment Transactions, 2024

September 16, 2024

65

0

The Reserve Bank of India (RBI) had released a draft  “Framework on Alternative Authentication Mechanisms for Digital Payment Transactions” for public consultation on 31st July, 2024. The aim of the proposed draft framework is to enable the payments ecosystem to adopt alternative authentication mechanisms. This will widen the choice of authentication factors available to Payment System Operators and users.

The digital payments ecosystem in India is rapidly evolving, making the importance of secure authentication mechanisms critical from a cybersecurity perspective. Robust authentication serves as the first line of defense against unauthorised access, fraud, and data breaches, safeguarding both customers and financial institutions. While SMS based OTP authentication mechanisms have been a cornerstone of digital transaction security, these are increasingly becoming vulnerable to interception and social engineering attacks.

Methods of authentication are also improving, with innovations such as behavioural biometrics, geo-location-based authentication, non-hardware-based OTP’s and password-less authentication gaining traction. These emerging methods show potential for enhanced security while improving user experience, making them favourable alternatives to traditional approaches.

In this context, our submission on the draft Framework on Alternative Authentication Mechanisms for Digital Payment Transactions, 2024 (draft framework) highlighted three considerations for the RBI to ensure effective implementation:

1. The dynamic elements of AFA technology are nuanced and our submission illustrates some examples. The RBI should align the interpretation of ‘dynamically created’ AFA with existing industry best practices.

2. We note that there is potential for significant unintended consequences in case of the proposed principles for customer consent and deregistration options. We have highlighted these in our submission and requested the RBI to revisit this principle and its rationale.

3. We requested the RBI to provide additional time, over and above the three months currently proposed, for small players to implement requirements of the draft framework.

Our detailed submission is attached. For any queries related to this submission, please write to Ananya Moncourt (ananya@nasscom.in) or Ashish Aggarwal (asaggarwal@nasscom.in), with a copy to policy@nasscom.in.


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


Download Attachment

15092024_RBI_DraftAFAFramework_nasscom.pdf

© Copyright nasscom. All Rights Reserved.