The Reserve Bank of India (RBI) has released new guidelines on authentication for digital payment transactions, set to take effect from April 1, 2026. The framework mandates two-factor authentication for all digital payments, though no specific method is enforced. The central bank said that digital payments must use at least one changing proof, like a password, OTP, or fingerprint, except for card-present transactions.

The RBI also emphasised risk-based checks, interoperability, and issuer responsibilities. Additionally, by October 1, 2026, card issuers must implement risk-based mechanisms for cross-border card-not-present (CNP) transactions. The guidelines aim to enhance security across India’s fast-growing digital payments ecosystem.