India: RBI asks banks to stop relying on OTP-based authentication, look for safer alternatives

 

India's central bank, the Reserve Bank of India (RBI), has asked banks in the country to ditch the traditional SMS-based second-factor authentication system and seek safer, more advanced alternatives. According to media reports, multiple options are available, but all of them involve the use of the user's mobile phone for authentication.

The RBI published a detailed Statement on Development and Regulatory Policies on its website on February 8, but it has not yet laid out specific instructions in this regard.

Currently, whenever we conduct a digital financial transaction, the fintech firm or bank typically sends an OTP to the mobile number linked to the account as an extra layer of authentication. The transaction can proceed only after the user enters this OTP, a step meant to secure bank accounts and prevent unauthorised use of financial data.

The RBI has not indicated any intention to completely eliminate the authentication process, but rather to streamline the AFA (additional factor of authentication) process.

“Though RBI has not prescribed any particular AFA, the payments ecosystem has largely adopted SMS-based one-time password (OTP). With innovations in technology, alternative authentication mechanisms have emerged in recent years. To facilitate the use of such mechanisms for digital security, it is proposed to adopt a principle-based ‘Framework for authentication of digital payment transactions’,” reads the statement.

In the same context, the RBI has suggested simplifying the onboarding process for Aadhaar-enabled payment system (AePS) touchpoint operators, to be supervised by banks. Additional requirements for managing fraud risks will also be considered.

Safer OTP-less alternative

Route Mobile's latest initiative, TruSense, has introduced an innovative OTP-less authentication system. This method allows service providers to establish direct data connections with users' devices, facilitating identification and token exchange without requiring OTP input from users.

David Vigar, Executive Vice President overseeing digital identity, warned against relying solely on biometrics for authentication. He highlighted the risks posed by advancements in artificial intelligence, particularly the potential for deepfake technology to bypass facial recognition systems.
