The Reserve Bank of India intends to implement additional factor authentication (AFA) for online international card-not-present transactions in order to beef up the security of overseas payments. A card-not-present transaction enables a remote payment, which does not require the physical card, to be processed via a point-of-sale device or terminal. AFA involves using multiple factors to authenticate a payment instruction, a measure that was previously required only for domestic transactions.
The RBI stated that its new proposal would add an extra layer of security for transactions where the international merchant supports AFA. A draft circular will be issued following feedback from stakeholders.
“Introduction of AFA for digital payments has enhanced the safety of transactions, which in turn provided confidence to customers to adopt digital payments. In order to provide a similar level of safety for online international transactions using cards issued in India, it is proposed to enable AFA for international card-not-present (online) transactions as well,” the RBI said in a statement on developmental and regulatory policies.
Last year, the banking regulator released a draft framework aimed at enhancing the security of digital payments through alternative authentication methods.
The framework mandates that all digital payment transactions, except for card-present transactions, must include a dynamically generated authentication factor.
The authentication factor, generated during the payment process and unique to each transaction, cannot be reused. The framework outlines that authentication factors may include:
- Something the user knows: Such as passwords, passphrases, or PINs.
- Something the user has: Physical devices like ATM cards or software tokens.
- Something the user is: Biometric identifiers, including fingerprints or facial recognition.
