| Aspect | Details |
|---|---|
| Event | RBI introduces new regulatory framework for digital payment security |
| Effective Date | April 1, 2026 (mandatory for domestic transactions) |
| Key Requirement | Two-Factor Authentication (2FA) for all digital transactions |
| Applicable Transactions | UPI, net banking, card-based transactions, mobile wallets |
| Exemptions | Small-value, low-risk transactions (as defined by RBI) |
| Permitted Methods | Biometrics, device-based tokens, passphrases, PINs, security questions, OTP generators, native device security features |
| Risk-Based Authentication | Extra verification for high-value, cross-border, or suspicious transactions |
| Implementation | Phased rollout; extended deadlines for cross-border and card-not-present transactions |
| Objective | Reduce reliance on SMS OTPs, enhance security, and improve user experience |
Contact Counsellor