RBI is planning to change the OTP you use to authenticate your transactions, here’s how |

The Reserve Bank of India (RBI) has put forth a proposal for implementing a novel system to authenticate digital transactions. This innovative framework, based on principles, is intended to substitute the current One-Time Password (OTP) system used for transactions verification. The central bank introduced this proposition during the announcement of the Monetary Policy Committee’s (MPC) decisions.
Read what RBI Governor has to say
RBI Governor Shaktikanta Das said: “Over the years, the Reserve Bank has proactively facilitated the introduction of various mechanisms such as Additional Factor of Authentication (AFA) for securing digital payments. While no particular mechanism was specified by the Reserve Bank, SMS-based OTP has become very popular. With technological advances, however, alternative authentication mechanisms have emerged in recent years. Therefore, to facilitate the adoption of alternative authentication mechanisms for enhancing the security of digital payments, it is proposed to put in place a principle-based framework for authentication of such transactions.”
Das noted that detailed instructions outlining the specifics about this principle-based framework will be issued separately.
What is the OTP-based system and why RBI wants to replace it
When you initiate an online transaction, most banks send a one-time password (OTP) via SMS to your registered mobile number. You need to enter this OTP within a specified time limit to authenticate and complete the transaction. This SMS-based authentication technique has become the standard method used by financial institutions over the years.
As digital transactions grow in the country, RBI might want to encourage banks to adopt the latest authentication solutions to enhance security and convenience for customers. While SMS-OTP remains popular, they are not foolproof.
In March 2023, the central bank claimed that more than 95,000 fraudulent UPI transactions were recorded between 2022 and 2023.
Under the proposed principles, RBI regulated entities might be offered the flexibility to use other modes of authentication.
The proposed principles are expected to encourage other methods such as app-based approval and biometric authentication.
The alternative system is also expected to improve the security of digital transactions.