By Consultants Review Team
The Reserve Bank of India (RBI) is contemplating the adoption of new technology to counter digital scams, potentially replacing mobile one-time passwords (OTPs). OTPs, commonly utilized for verifying digital payments, have become vulnerable to exploitation by scammers. The proposed measures aim to bolster security by leveraging authentication apps or biometric sensors on smartphones, effectively mitigating risks associated with SIM swapping and device espionage.
RBI's strategy revolves around augmenting security measures while granting users greater control over payment transactions. By discontinuing SMS-based OTP authentication, the central bank seeks to heighten security standards, thereby rendering it more arduous for hackers to circumvent protective barriers.
In comparison, other platforms such as X (formerly Twitter) have already transitioned from SMS-based verification to authentication apps, demonstrating the efficacy of this approach in fortifying security protocols. The RBI recognizes the imperative to address prevailing security concerns and may opt for Multi-Factor Authentication (MPIN), akin to the Unified Payments Interface (UPI) framework, to bolster transaction security.
However, the transition from OTPs to authentication apps poses inherent challenges, particularly for users reliant on feature phones devoid of app compatibility. Ensuring inclusivity and accessibility for all users, irrespective of their smartphone capabilities, remains a paramount consideration for the RBI.
While specifics regarding the timeline and implementation remain ambiguous, the necessity for a paradigm shift in security protocols is indisputable. The RBI endeavors to devise a solution that strikes a delicate balance between security enhancement and ensuring universal accessibility for all users.
Additionally, Paytm Payments Bank recently received directives from the RBI to cease accepting new deposits or top-ups in customer accounts, wallets, or FASTags after February 29, citing non-compliance with regulatory mandates. This underscores the regulator's commitment to enforcing stringent adherence to regulatory standards within the digital payments ecosystem.