Digital payments will now be more secure, with verification using fingerprint and password in addition to OTP.

The Reserve Bank of India has taken a major step towards securing digital payments. On Thursday, September 25th, the Reserve Bank of India issued new rules to make digital payments more secure and reliable. Under these rules, online transactions will no longer rely solely on SMS-based OTPs; customers can also make payments using a fingerprint, face recognition or other biometric options, or a password or PIN. These new rules will be implemented from April 1st, 2026.
Two-factor authentication will now be stronger.
Currently, most banks and payment apps use only OTPs to verify transactions. OTPs will continue to be used after the new rules take effect, but they will no longer be the only option. Under the Reserve Bank of India's new rules, three categories of verification will be valid.
1. Something the user possesses, such as a mobile phone or hardware token
2. Something the user knows, such as a password, PIN, or passphrase
3. Something the user is, such as biometrics like a fingerprint or face recognition
Every transaction will now have unique verification.
The RBI has clearly stated that every payment must have at least one authentication factor that is unique to that transaction. This means that old or repeatable codes will no longer be valid, significantly reducing the likelihood of fraud. With these changes, banks and payment providers will also be able to conduct risk analysis to ensure transaction security. This analysis will include transaction location, user behavior, device information, and previous transactions. Additional verification and secure platforms like digital lockers will be used for high-risk payments.
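One way a verification code can be made unique to a single transaction, so that an old or repeated code is refused, is sketched below. This is an added example, not code from the RBI rules or from any bank; the class and field names, the six-digit format and the 120-second validity window are all assumptions.

```python
import hashlib
import hmac
import json
import secrets

VALIDITY_SECONDS = 120  # assumed validity window, not a figure from the article


def make_code(key: bytes, txn: dict, nonce: str, issued_at: int) -> str:
    """Derive a 6-digit code from the transaction details plus a fresh nonce."""
    fields = [txn["txn_id"], txn["payee"], txn["amount_paise"], nonce, issued_at]
    msg = json.dumps(fields).encode()  # unambiguous encoding of the fields
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


class TransactionVerifier:
    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}  # txn_id -> (nonce, issued_at)

    def challenge(self, txn: dict, now: int) -> str:
        """Issue a code for one transaction; it is sent to the user's device."""
        nonce = secrets.token_hex(8)
        self.pending[txn["txn_id"]] = (nonce, now)
        return make_code(self.key, txn, nonce, now)

    def verify(self, txn: dict, code: str, now: int) -> str:
        # pop() makes the challenge single use: a replayed code finds nothing.
        entry = self.pending.pop(txn["txn_id"], None)
        if entry is None:
            return "rejected: no pending challenge"
        nonce, issued_at = entry
        if now - issued_at > VALIDITY_SECONDS:
            return "rejected: expired"
        expected = make_code(self.key, txn, nonce, issued_at)
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return "rejected: details changed or wrong code"
        return "accepted"


if __name__ == "__main__":
    # Constructed sample transaction
    v = TransactionVerifier(secrets.token_bytes(32))
    txn = {"txn_id": "T1001", "payee": "merchant@examplebank", "amount_paise": 250000}
    code = v.challenge(txn, now=1000)
    print(v.verify(txn, code, now=1030))  # first use of the code
    print(v.verify(txn, code, now=1031))  # replay of the same code
```

Because the payee and amount are part of the input, a code issued for one payment does not verify if either is altered afterwards.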
Violations and Compensation
Under the new rules, if a customer loses money to digital fraud because of negligence or non-compliance by a financial institution, the relevant institution will be required to fully compensate for the loss. Furthermore, these strict verification rules will also be implemented for card-not-present transactions abroad, effective October 1, 2026. This measure will specifically apply to transactions conducted outside India.