RBI issues two-factor check norms
RBI has said that any alternative to the SMS-based OTP as an additional factor of authentication should be dynamically generated.
RBI came out with guidelines for ‘alternative authentication mechanisms for digital payment transactions’ where it listed specifications for the alternatives. “No specific factor was mandated for authentication, but the digital payments ecosystem has primarily adopted SMS-based OTP as AFA.
While OTP is working satisfactorily, technological advancements have made available alternative authentication mechanisms,” RBI said.
RBI believes that the primary factor for authentication should be something the user knows (such as password, passphrase, PIN), something the user has (such as card hardware or software token) something the user is (fingerprint or any other form of biometrics).