New Digital Payment Rules from April 1! RBI Makes Two-Factor Authentication Mandatory for All Transactions

In a significant move to fortify India’s digital financial landscape, the Reserve Bank of India (RBI) has mandated ‘Two-Factor Authentication’ (2FA) for all digital transactions starting April 1. This directive aims to curb the rising incidents of cyber fraud, phishing attacks, and unauthorized high-value transactions that have surfaced with the rapid growth of UPI and mobile wallets.
According to the new RBI guidelines, every digital payment from April 1 must involve two layers of security. Crucially, one of these factors must be ‘dynamic,’ meaning it must be freshly generated for each specific transaction, such as a One-Time Password (OTP). Other authentication methods include PINs, hardware/software tokens, or biometrics like fingerprint and facial recognition. Banks, card networks, and fintech companies are required to give their customers a choice of which authentication methods to adopt.
The RBI has sternly warned that if any financial institution fails to comply with these rules and a fraud occurs, the responsibility will lie solely with that organization. Furthermore, for cross-border or international transactions, this authentication process must be integrated by October 1. This strategic shift by the central bank ensures that while digital payments remain fast, they also become significantly more resilient against modern-day hackers and scammers.