RBI mandates 2-factor authentication for online payments from April 2026
RBI has mandated at least two factors of authentication for all digital payments starting April 1, 2026. So far, most digital payments relied on SMS-based OTP verification as a second layer of security. Issuers may offer customers options to authenticate, including methods like passwords, passphrases, PINs, SMS-based OTPs, card hardware, software tokens, fingerprints, or other biometric methods.