New Delhi, Oct. 3 -- The Reserve Bank of India (RBI) has announced revised norms for digital payment authentication, making two-factor authentication (2FA) mandatory and requiring the use of alternatives to SMS-based one-time passwords (OTPs) for compliance.

The new norms follow a February 2024 draft circular that encouraged stakeholders in the Indian digital payment ecosystem to adopt more factors of authentication for validating and confirming customers' credentials.

The banking regulator has asked all payment system providers (PSPs) and payment system participants, including banks and non-bank entities, to comply with the RBI's (Authentication Mechanisms for Digital Payment Transactions) Directions, 2025, by 1 April 2026.

Mint expla...