RBI wants banks to shift to adopting a principle-based system while looking for an alternative to OTP
Indian banks have shown unwillingness to move away from the current one-time password (OTP)-led second-factor authentication (2FA), regardless of the Reserve Bank of India’s (RBI) suggestion. Lenders stance rests on the maxim, “If it ain’t broke, don’t fix it”. The lenders so far have not found any issues with the OTP measure, which motivates them to look for an alternative, according to a Moneycontrol report.
RBI suggested the Indian banks look for an alternative to the one-time password (OTP)-led second-factor authentication (2FA). The plan was initially shared by the RBI on its website in a Statement on Development and Regulatory Policies released on February 8. Although the regulator hasn’t released a detailed roadmap, it has plans to adopt a principle-based system.
“Though RBI has not prescribed any additional Factor Authentication (AFA), the payments ecosystem has largely adopted SMS-based one-time passwords (OTP). With innovations in technology, alternative authentication mechanisms have emerged in recent years. To facilitate the use of such mechanisms for digital security, it is proposed to adopt a principle-based “framework for authentication of digital payment transactions,” RBI said in a statement.
Currently, when we do an online financial transaction, the bank sends an OTP, as an additional measure of authentication on the mobile number linked with the bank account. It enables a secured transaction, as only after entering the OTP is the transaction allowed to go through. The popular 2FA or AFA has been in place for more than a decade now.
The recommendation by the RBI comes amidst the net banking via UPI payments becoming popular modes of payments. Additionally, the increasing frequency of online banking related frauds has also raised concerns about secured online transactions. The regulator is looking for more secure technologies for authentication of online payments.
“When RBI introduced 2FA, banks were given the option to choose their preferred method. OTPs were the easiest and cheapest solution then. However, technology has advanced much, but banks are striking with what worked well for them. But merchants want newer solutions, and change is likely to be driven by them and the regulator,” Minkasu Pay founder and CEO, Anbu Gounder, said in the MoneyControl report. Minkasu Pay is a startup based in Silicon Valley, California.