In a significant move aimed at bolstering the security and efficiency of digital transactions, the Reserve Bank of India (RBI) has proposed a groundbreaking shift away from the traditional One-Time Password (OTP) system. This paradigm shift was announced alongside the decisions of the Monetary Policy Committee (MPC), reflecting the central bank’s commitment to adapting to technological advancements in the digital payment landscape.
RBI Governor Shaktikanta Das outlined the rationale behind this proposed change, stating, ‘While no particular mechanism was specified by the Reserve Bank, SMS-based OTP has become very popular. With technological advancements, however, alternative authentication mechanisms have emerged in recent years.’ The new system aims to introduce a principle-based framework for authenticating digital transactions, replacing the ubiquitous SMS OTP method.
Under the existing OTP-based system, users receive a one-time code via SMS on their registered mobile numbers, which they must input within a specific time limit to validate and complete the online transaction. However, with the surge in digital transactions, the RBI seeks to encourage the adoption of more advanced and secure authentication solutions by financial institutions.
The proposed principle-based framework grants RBI-regulated entities the flexibility to explore alternative modes of authentication beyond the conventional SMS OTP. This move is not only a response to the evolving technological landscape but also a strategic step towards countering the increasing instances of fraud in digital transactions.
Highlighting the vulnerabilities of the current system, the RBI reported over 95,000 fraudulent UPI transactions recorded between 2022 and 2023. The alarming figures underscore the need for a more robust and foolproof authentication method to safeguard the interests of consumers and financial institutions alike.
The envisioned principles are expected to pave the way for diverse authentication methods, including app-based approval and biometric authentication. By embracing these alternatives, the RBI aims to not only enhance security but also improve the overall user experience during digital transactions.
While detailed instructions about the principle-based framework are yet to be issued separately, the proposed overhaul signifies a proactive approach by the RBI to stay ahead of the curve in the ever-evolving realm of digital finance. As the digital landscape continues to transform, this move is poised to set a new standard for authentication methods, promising a more secure and user-friendly future for digital transactions in India.