Contact us

      RBI released directions on authentication mechanisms for digital payment transactions on 25 September 2025. 1 April 2026 is the effective date of compliance for regulated entities in India. Basis the directions, all digital payment transactions in India are required to authenticate via two factors of authentication (2FA). The directions also call out examples of factors of authentication such as SMS based OTP, PIN, passphrase, software token, and so on.

      Principles for 2FA authentication:

      • Minimum two factors of authentication

        First factor – customer credentials and Second factor - “something the user has”, “something the user knows” or “something the user is”

      • At least one of the factors to be dynamic

        For digital payment transactions (excluding card present transactions) – at least one factor should be dynamic in nature, i.e. unique proof of possession

      • Robust

        Compromise of one factor should not affect reliability of the other

      Other key requirements of 2FA include:

      settings

      Interoperability/Open Access

      Offer services such as tokenisation to all token requestors for all use cases or channels

      emergency

      Risk based approach

      Issuers shall also perform fraud risk management for suspicious transactions

      gpp_good

      Responsibility of the issuer

      To ensure integrity of authentication mechanism, compensate customer in case of any loss, comply with DPDP Act 2023

      The point of view also captures exceptions to the directions such as cross-border transactions and other payment categories.

      RBI authentication mechanisms for digital payment transactions directions, 2025

      RBI has released directions requiring all digital payment transactions in India to be authenticated using two-factor authentication (2FA)

      Download

      How can KPMG in India help

      Use cyber security to protect your future
      Read more

      Transformation driven by data, enabled by digital technology, and led by business initiatives
      Read more

      New challenges and opportunities are quickly reshaping financial services
      Read more

      Key Contacts

      Kunal Pande
      Kunal Pande

      National Leader - Digital Trust for Financial Services Sector, National Co-Head - Digital Risk and Cyber

      KPMG in India

      Rohan Padhi
      Rohan Padhi

      Partner, National Co-Lead, Digital Risk and Cloud Security

      KPMG in India

      Romharsh Razdan
      Romharsh Razdan

      Partner, Digital Trust

      KPMG in India

      Access our latest insights on Apple or Android devices

      kpmg-insights-edge-qr