According to RBI guidelines, as a measure to prevent fraud, two-factor authentication for all digital transactions, including the popular UPI platform, has come into effect from Wednesday. The transaction will be completed only when the user completes both the phases of verification. This means that even if someone sees your PIN, no unauthorized payment will be possible. According to the Reserve Bank of India (RBI), all digital payment transactions in India are required to follow the rule of two-factor authentication. Although no specific method of authentication was prescribed, the digital payment ecosystem has mainly adopted SMS-based one-time passwords (OTP) as an additional method.
new rule started
RBI had said that all payment system providers and people involved in the payment system, including banks and non-banking institutions, will follow these guidelines by April 1, 2026. The central bank has introduced two-factor authentication (2FA) to reduce bank fraud and improve accountability. From today i.e. April 1, users will not be able to transact just by entering their UPI PIN, but they will also have to verify the transaction through one-time password (OTP), fingerprint authentication or facial recognition. Apart from this, users will not be able to take screenshots or screen recordings in the banking app, as this has been completely banned to protect the users from any kind of fraud.
What does the director of the bureau say?
Due to 2FA, there may be a delay of a few seconds in the transaction, because the user has to enter a second OTP. Anil Tadimetti, director (strategy and regulatory affairs) of the bureau, said that in an ecosystem like UPI, where transactions are completed in a matter of seconds, the only right time to take action is before the transaction is completed. He further said that this is where authentication needs to be further improved. Trust must be built based on context – combining who you are, what you know, and what you have – and by evaluating these signals in real time.