The Reserve Bank of India (RBI) has issued sweeping new rules to tighten authentication standards for digital payments, in a bid to curb rising fraud in the sector. The guidelines, released on September 25, 2025, under the Authentication Mechanisms for Digital Payment Transactions Directions, 2025, mandate stronger security protocols across all domestic digital transactions. RBI Mandates Dynamic Authentication for All Digital Payments by April 2026 All payment system providers, including banks and non-bank entities, are required to comply with the rules by April 1, 2026. The measures build on the long-standing two-factor authentication norm but go further by requiring at least one dynamic factor of authentication for all digital transactions, excluding card-present payments. The Reserve Bank of India ( @RBI ) releases new guidelines on authentication for #digital payment transactions, set to take effect from April 1, 2026. The framework mandates two-factor authentication for all digital payments, though no specific method is enforced. The central… pic.twitter.com/NH7xKuMmzm — All India Radio News (@airnewsalerts) September 25, 2025 This means that credentials such as SMS-based one-time passwords (OTPs), biometric data, or hardware tokens must be unique to each transaction, preventing reuse or compromise. The RBI said the framework is designed to help the payments ecosystem adapt to new technologies while maintaining consumer protection and market integrity. The directions also extend safeguards to cross-border transactions using cards issued in India. From October 1, 2026, card issuers will be required to validate non-recurring cross-border “card-not-present” transactions and introduce risk-based checks for all such payments, in line with anti-fraud standards. Issuers will bear direct responsibility for ensuring the robustness of authentication systems. In cases where losses occur due to non-compliance, issuers must fully compensate affected customers. The RBI also instructed that all authentication mechanisms must adhere to the provisions of the Digital Personal Data Protection Act, 2023. The framework emphasizes interoperability, requiring system providers to ensure that tokenization and authentication services are accessible across devices, applications, and storage mechanisms. This open-access approach is expected to standardize security across the fast-expanding payments market. In addition, the RBI has encouraged issuers to adopt a risk-based approach to authentication. Transactions may be assessed against behavioral and contextual parameters such as user location, device attributes, and historical spending patterns. High-risk transactions could face additional layers of verification, with DigiLocker proposed as a platform for customer notification and confirmation. While the new directions primarily cover domestic payments, they also establish a timeline for cross-border compliance, requiring issuers to register their Bank Identification Numbers (BINs) with global card networks by October 2026. The RBI described the rules as a milestone in its effort to address growing risks in digital transactions, noting that fraud and unauthorized access have become a major concern as digital payment adoption continues to surge in India. With digital transactions now accounting for the majority of retail payments in the country, the central bank’s latest crackdown shows the increasing priority regulators are placing on securing the financial system against cyber threats. India Tops Global Crypto Adoption Index but Faces Rising Fraud Cases India now leads the world in cryptocurrency adoption, topping the 2025 Chainalysis Global Crypto Adoption Index across all four sub-indices. The Chainalysis 2025 Global Crypto Adoption Index is out: India ranks #1, the United States #2 #Crypto #Global https://t.co/4ILYULhj1p — Cryptonews.com (@cryptonews) September 3, 2025 Yet the surge in grassroots use and financial integration has been accompanied by a wave of fraud cases and enforcement actions. On August 6, the Enforcement Directorate (ED) raided 11 locations in Delhi and other cities in connection with a $29 million Bitcoin fraud. Investigators say scammers posed as police, government agents, and even tech support staff from Microsoft and Amazon to extort money from victims at home and abroad. Illicit funds were allegedly laundered through USDT and hawala networks in the UAE. The raids came just a day after the ED began probing a $4.7 million scam involving a spoofed Coinbase website. India’s crypto-related crime has also reached the courts. On August 31, an anti-corruption court sentenced 14 men , including 11 current and former police officers and one ex-legislator, to life in prison over the 2018 abduction of businessman Shailesh Bhatt. An Indian anti-corruption court has sentenced 14 men to life in prison for the 2018 kidnapping and extortion of a businessman. #India #Crypto https://t.co/6IkTlMFlL4 — Cryptonews.com (@cryptonews) August 31, 2025 The group forced him to transfer Bitcoin and cash, with prosecutors calling it one of the most high-profile crypto extortion cases in the country. Despite adoption, regulatory caution remains. A government document dated September 10 indicated India will not pursue a comprehensive crypto law but will maintain partial oversight through taxation and compliance. India stalls full crypto framework due to systemic risk fears. Officials plan to maintain partial oversight with strict taxation rules. #Crypto #India #RBI https://t.co/hH14ySucmR — Cryptonews.com (@cryptonews) September 10, 2025 Authorities noted risks tied to speculative trading and stablecoins, warning their growth could disrupt India’s payments system. India’s approach has dampened exchange volumes through a 30% tax on gains and a 1% levy on transactions, though global platforms continue to operate under Financial Intelligence Unit registration. Officials estimate Indians hold around $4.5 billion in digital assets, showing the paradox: world-leading adoption alongside systemic skepticism and recurring fraud. The post India Cracks Down on ‘Alarming’ Digital Payments Fraud With Strict New Rules appeared first on Cryptonews .
