India, Sept. 26 -- A year after proposing alternate methods of additional factor of authentication (AFA) for digital transactions, the Reserve Bank of India (RBI) has released new directions, making two-factor authentication (2FA) mandatory for all digital transactions from April 1, 2026.

An AFA requires the use of more than one factor for authentication of a payment instruction. The new framework aims to strengthen digital payment security while enabling smoother and more flexible processes in a rapidly digitising environment.

"The factors of authentication can be from "something the user has", "something the user knows" or "something the user is" and may comprise, inter-alia, password, SMS based OTP, passphrase, PIN, card hardware, so...