RBI Introduces Additional Factor Authentication for International Transactions

February 8, 2025

The Reserve Bank of India (RBI) has announced enhancement to the security of online payments. This new measure focuses on cross-border “Card Not Present” (CNP) transactions. The introduction of Additional Factor of Authentication (AFA) aims to ensure that international digital transactions using Indian-issued cards are as secure as domestic ones. This move comes in response to the increasing volume of online shopping and the associated rise in fraud risks.

About Additional Factor of Authentication (AFA)

  • AFA is a security process that requires more than one method of verification to authenticate a transaction.
  • Previously, AFA was mandated only for domestic transactions.
  • This additional layer of security typically involves a One-Time Password (OTP) or biometric verification.
  • Its implementation has reduced fraud in domestic online payments, encouraging consumer confidence.

The Need for AFA in International Transactions

  • With the rise of e-commerce, Indian consumers are increasingly purchasing goods from overseas merchants.
  • However, without AFA, these cross-border transactions have remained vulnerable to cyber threats.
  • The absence of physical card verification increases the risk of fraud.
  • The RBI has recognised this gap and is extending AFA to cover international CNP transactions, thereby enhancing consumer protection.

Proposed Changes by RBI

The RBI’s proposal will require cardholders to undergo additional verification when making international purchases. This may include OTPs sent to registered mobile numbers or biometric checks. The RBI aims to issue a draft circular for stakeholder feedback shortly. This initiative is part of a broader framework to improve the security of digital payments in India.

Framework for Digital Payment Security

  • Last year, the RBI introduced a draft framework to enhance digital payment security.
  • This framework mandates that all digital transactions, excluding card-present ones, must use a dynamically generated authentication factor.
  • This factor is unique to each transaction and cannot be reused.
  • The framework categorises authentication factors into three types
    • Something the user knows – Examples include passwords and PINs.
    • Something the user has – This includes physical devices like ATM cards.
    • Something the user is – This encompasses biometric identifiers like fingerprints.

Implications for Indian Consumers

The introduction of AFA for international transactions is expected to provide Indian consumers with a similar level of security as that offered for domestic transactions. This measure will likely encourage more consumers to engage in online shopping with overseas merchants, knowing their payments are safeguarded against fraud.

« »

Month: 

Category: 

Leave a Reply

Your email address will not be published. Required fields are marked *