The Reserve Bank of India (RBI) has announced a new rule to make digital payments safer.
From April 1, 2026, all digital transactions will require at least two different verification methods, also known as two-factor authentication (2FA).
These may include passwords, OTPs, biometrics, or hardware tokens, helping reduce the risk of online fraud.
Why This Rule?
The main aim is to protect users from frauds like phishing and SIM swapping. Until now, most digital payments in India relied mainly on SMS-based OTPs.
With the new rule, RBI is encouraging the use of modern methods such as biometrics, device-based features, and tokenization.
Key Requirements
Each transaction must include at least one dynamic verification method, which is unique and valid only for that transaction.
If authentication rules are not followed, the payment issuer will be responsible for compensating the customer for any losses.
RBI guidelines also allow for risk-based verification. In such cases, additional security checks may be applied depending on user behavior, device, or location.
Impact
This rule is seen as a major step to strengthen India’s digital payment ecosystem.
It will make transactions more secure, reliable, and user-friendly, ensuring better protection for millions of users against online frauds.
