Security News > 2024 > August > India contemplates compulsory dynamic 2FA for digital payments
India's central bank on Wednesday proposed a requirement for dynamically generated second authentication factors for most digital payments.
"Reserve Bank of India had mandated additional factor of authentication for all transactions undertaken using cards, prepaid instruments and mobile banking channels," explained the central bank.
India's financial sector and digital payments ecosystem primarily adopted SMS-based one-time passwords for AFAs.
Now the Bank wants to move beyond SMS OTP - and to make biometrics an option.
Banks will get to decide what AFA to require - but must make it dynamic.
These include transactions where the card is present to a value below ₹5000, subscriptions to items like mutual funds, insurance premium payments, credit card bill payments that fall within a certain range, digital toll payments, and offline digital transactions - those that don't require internet connectivity - less than ₹500.