RBI Two Factor Authentication (2FA): All You Need to Know

Mumbai, April 1: Starting Wednesday, online transactions will require two-factor authentication which is made mandatory by the Reserve Bank of India for a digital transaction to take place. Previously, there was only one layer of security users had to go through while transacting online: that of the OTP or one time password which you received on your mobile to authenticate any transaction.

But in view of the increased risk of frauds online, the OTP may not be of much use in authenticating your transactions online. They are highly vulnerable to online scams and cyber villains looking to defraud you can easily game OTPs and lay hands on your money.

What is the Change?

Keeping all this in mind, the authorities have decided to have two factors in place to guard your digital assets while transacting online, instead of the usual one which looks highly outdated and susceptible to online fraud. But they are not entirely doing away with the OTP. As part of the two security checks made compulsory for digital transactions, the OTP can still play the role of one of the two security checks.

Let’s dive into the details for a clearer picture through the FAQs or frequently asked questions listed below:

How Will the Double Security Check Affect Me?

Previously you were using only SMS-based OTPs to carry out online transactions. Now you will be going through double security checks and one of them may or may not include the SMS-based thingy. Again, don’t freak out. You guys have been doing it with credit cards already! So, it’s familiar territory!

Won’t the Double Security Checks Make Transactions Tedious?

Better safe than sorry, and besides everything is sped up and virtualised these days, so why fret an extra few seconds, unless you wanna fall prey to cyber bandits who can easily work around that ancient and outdated thing called SMS OTP.

What Are the Security Checks I Need To Go Through Starting From Today?

There are only two, there’s only an added extra. So here’s how the new double security check could work for you and your friends:

• OTP combined with a PIN
• Biometrics like fingerprint or facial recognition plus device binding
• Token-based authentication along with a password

It is to be noted that in token-based authentication, software tokens will be generated within banking applications and hardware tokens will produce unique security codes.

What if Fraud Still Takes Place?

If fraud occurs because banks couldn’t properly put in place the double security checks, you get compensated, as mandated by the central bank.

Are There More Security Checks Coming This Way?

Kind of: Similar security standards will be extended to cross-border transactions by October 1 this year.