RBI proposes to adopt a principle-based Framework for authentication of digital payment transactions
Mumbai : Over the years, the Reserve Bank has prioritised security of digital payments, in particular the requirement of Additional Factor of Authentication (AFA). Though RBI has not prescribed any particular AFA, the payments ecosystem has largely adopted SMS-based One Time Password (OTP). With innovations in technology, alternative authentication mechanisms have emerged in recent years. To facilitate the use of such mechanisms for digital security, it is proposed to adopt a principle-based “Framework for authentication of digital payment transactions”. Instructions in this regard will be issued separately.
Enhancing the Robustness of AePS :
Aadhaar Enabled Payment System (AePS), operated by NPCI, enables customers to perform digital payment transactions in assisted mode. In 2023, more than 37 crore users undertook AePS transactions, which points to the important role played by AePS in financial inclusion. To enhance the security of AePS transactions, it is proposed to streamline the onboarding process, including mandatory due diligence, for AePS touchpoint operators, to be followed by banks. Additional fraud risk management requirements will also be considered. Instructions in this regard shall be issued shortly.
Introduction of Programmability and Offline Functionality in Central Bank Digital Currency (CBDC) Pilot
The CBDC Retail (CBDC-R) pilot currently enables Person to Person (P2P) and Person to Merchant (P2M) transactions using Digital Rupee wallets provided by pilot banks. It is now proposed to enable additional use cases using programmability and offline functionality. Programmability will permit users like, for instance, government agencies to ensure that payments are made for defined benefits. Similarly, corporates will be able to program specified expenditures like business travel for their employees. Additional features like validity period or geographical areas within which CDBC may be used can also be programmed. Second, it is proposed to introduce an offline functionality in CBDC-R for enabling transactions in areas with poor or limited internet connectivity. Multiple offline solutions (proximity and non-proximity based) across hilly areas, rural and urban locations will be tested for this purpose. These functionalities will be introduced through the pilots in a gradual manner.