RBI has mandated at least two factors of authentication for all digital payments starting April 1, 2026. So far, most digital payments relied on SMS-based OTP verification as a second layer of security. Issuers may offer customers options to authenticate, including methods like passwords, passphrases, PINs, SMS-based OTPs, card hardware, software tokens, fingerprints, or other biometric methods.