1. Introduction
Explains the purpose of the Directions: to mandate two-factor authentication (2FA) for digital payments and to enable alternative, technology-driven authentication methods beyond SMS-based OTP.
2. Effective Date
Specifies that all payment system providers and participants must comply by April 1, 2026, unless noted otherwise.
3. Applicability
Clarifies that the Directions apply to:
- All domestic digital payment transactions (unless exempted).
- All banks and non-bank entities acting as payment system providers or participants.
4. Definitions
Defines key terms used throughout the document, including:
- Authentication, Card Present/Not Present (CNP) transactions, Cross-border CNP, Digital Payment Transaction, Factor of Authentication, and Issuer.
5. Principles for Authentication of Digital Payment Transactions
Outlines the core requirements for any authentication mechanism:
- Two distinct factors of authentication as listed in the Definitions.
- At least one dynamic factor, unique to each transaction.
- Robustness, ensuring compromise of one factor does not weaken the other.
- Exemptions to 2FA are detailed in Annexure-1.
6. Interoperability / Open Access
Mandates that authentication or tokenisation services must be accessible across all applications, channels and token storage methods in a given operating environment, ensuring a level playing field for all participants.
7. Risk-Based Approach
Allows issuers to apply additional security checks—such as behavioural analysis, device attributes and transaction history—for high-risk transactions and suggests using platforms like DigiLocker for notification/confirmation.
8. Responsibility of the Issuer
Specifies issuer obligations:
- Ensure integrity and robustness of their authentication systems.
- Fully compensate customers for any losses arising from non-compliance.
- Adhere to the Digital Personal Data Protection Act, 2023.
9. Cross-Border Transactions
Extends similar authentication requirements to online international card transactions using cards issued in India, aligning with prior RBI policy on cross-border safety.
10. Repeal
States that any previously issued directions on authentication for digital payments are repealed upon the effective date.
Annexures
- Annexure-1: Lists exemptions to the two-factor authentication requirement.
- Annexure-2: Provides additional details or templates related to implementation, such as sample risk-assessment parameters or technical specifications.
- RBI Relaxation in Current and Cash Credit Norms: A Game-Changer for Business Finance
The RBI’s December 2025 amendments fundamentally reshape business financing by removing restrictions on cash credit accounts and raising current account thresholds to Rs 10 crore. These relaxations in current and cash credit norms enhance working capital accessibility, enabling businesses to optimize liquidity management and reduce operational financing costs significantly. - RBI’s New Minimum Balance Rule effective from Dec 10, 2025: Everything You Need to Know
The Reserve Bank of India’s updated minimum balance framework, effective December 10, 2025, reduces penalties to ₹200 maximum and introduces flexible thresholds. Urban savings accounts require ₹500 minimum, rural accounts ₹200, while zero balance BSBD accounts eliminate requirements entirely, promoting financial inclusion across India’s banking sector. - Amendment to Commercial Banks Directions to Include NBFCs and HFCs: A Game-Changer for Financial Regulation
The RBI’s December 2025 amendment extends regulatory oversight to Non-Banking Financial Companies and Housing Finance Companies within banking groups. This consolidated supervisory framework eliminates regulatory gaps, enforces harmonized prudential standards, and ensures comprehensive group-level risk management across India’s financial services sector. - RBI Cuts Repo Rate To 5.25%: What It Means For You, Your Loans And The Economy
The RBI cut the repo rate by 25 basis points to 5.25%, supporting economic growth while maintaining inflation control. This rate reduction lowers borrowing costs for home loans, personal loans, and businesses, encouraging consumption and investment across the economy. - Recent Changes in Bank Account Nomination Rules: What Every Account Holder Should Know
The RBI’s new bank account nomination rules 2025 allow up to four nominees with digital registration. Learn how these changes simplify claim settlement, protect your family’s financial security, and why updating your nomination matters today.