RBI proposes alternate authentication framework, streamlining in AePS

Mumbai, Feb 8, 2024 

Measures to address frauds in the financial system 

The Reserve Bank of India has proposed to adopt a principle-based framework for the authentication of digital payment transactions to promote alternate ways for additional factor authentication, in addition to SMS-based one-time passwords.

Governor Shaktikanta Das said that although the RBI had not specified any particular Additional Factor of Authentication (AFA) mechanism, SMS-based OTP has become very popular. However, in recent years, with technological advancements, alternative authentication mechanisms have emerged, and in order to aid in their adoption, the RBI has proposed to constitute a principle-based framework for the same.

“Therefore, to facilitate the adoption of alternative authentication mechanisms for enhancing the security of digital payments, it is proposed to put in place a principle-based framework for the authentication of such transactions,” Governor Shaktikanta Das said.

According to experts, this move is expected to nudge both innovation and enhance security in the area of digital transactions.

“This move will promote innovation in the area of digital payments. It remains to be seen which alternatives can prove to be viable in the long run. The SMS-based OTP, while necessary and useful, has added a layer of friction for those transactions that require an additional factor of authentication when compared with transactions that do not, the most key among the latter being payments via Wallet instruments,” said Shivaji Thapliyal, Head of Research and Lead Analyst, Yes Securities.

According to Ankit Ratan, CEO & Co-founder at Signzy, the trust in the digital ecosystem is affected by the rising financial cybercrimes, with nearly 1.1 million cases of frauds amounting to Rs 7,488.6 crore being registered in 2023.

“By adopting a principle-based framework for authentication, businesses not only curb financial frauds but will also be able to provide a secure environment for its customers and protect their data,” Ratan added.

During the post monetary policy press meet, Governor Das noted that, “OTP is not being reviewed. With the movement of time, various other technologies and methods have come up. We just want to tell the players that there are other methods also and the RBI will be agnostic to them. As long as they are sound methods, banks and institutions are free to adopt them.”

In addition, the RBI has also suggested streamlining the onboarding process of Aadhaar Enabled Payment System (AePS) service providers and introducing some additional fraud risk management measures, which will strengthen the security of the system while enhancing its robustness.

According to the RBI, in 2023, more than 37 crore users undertook AePS transactions, highlighting the importance played by the segment in financial inclusion.

“To enhance the security of AePS transactions, it is proposed to streamline the onboarding process, including mandatory due diligence, for AePS touchpoint operators, to be followed by banks. Additional fraud risk management requirements will also be considered,” said the RBI in its statement.

The banking regulator further added that the instructions regarding AePS will be issued shortly.

Both these measures are expected to help in controlling the frauds in the system.

“The new framework for digital payment authentication together with more stringent due diligence requirements for Aadhaar Enabled Payment Systems will help curtail fraud risk,” said Zarin Daruwala, Cluster CEO, India and South Asia markets (Bangladesh, Nepal and Sri Lanka), Standard Chartered Bank.

[The Business Standard]