The Reserve Bank of India (RBI), the central bank of India, has instructed banks in the country to enhance their security measures by moving away from the traditional SMS-based second-factor authentication system. Media reports suggest that the RBI is urging banks to adopt safer and more advanced alternatives for authentication, all of which involve the use of a user’s mobile phone.
Current Authentication Process:
Currently, when we make digital financial transactions, banks or fintech companies send a one-time password (OTP) to the mobile number linked to our account. We need to enter this OTP to complete the transaction, which adds an extra layer of security to our accounts and prevents unauthorized access to our financial information.
RBI’s Directive:
The RBI has not provided specific instructions yet but issued a detailed statement on Development and Regulatory Policies on February 8. While they haven’t laid out precise guidelines, the RBI aims to streamline the Additional Factor of Authentication (AFA) process.
Alternative Authentication Mechanisms:
The RBI acknowledges the reliance on SMS-based OTPs but suggests exploring alternative authentication methods that have emerged with technological advancements. They propose a principle-based “Framework for authentication of digital payment transactions” to facilitate the use of such mechanisms for digital security.
Simplified Onboarding Process for AePS:
In addition to upgrading authentication methods, the RBI suggests simplifying the onboarding process for Aadhaar-enabled payment system (AePS) touchpoint operators, to be supervised by banks. They also plan to introduce additional requirements to manage fraud risks effectively.
Innovative OTP-less Authentication System:
Route Mobile’s TruSense initiative has introduced a new authentication system that doesn’t rely on OTPs. This method enables service providers to establish direct data connections with users’ devices, facilitating identification and token exchange without requiring OTP input from users.
Caution against Sole Reliance on Biometrics:
David Vigar, Executive Vice President overseeing digital identity, warns against relying solely on biometrics for authentication. He highlights the risks posed by advancements in artificial intelligence, particularly the potential for deepfake technology to bypass facial recognition systems.