In a major step towards improving digital payment security, the Reserve Bank of India (RBI) has revealed plans to introduce Additional Factor Authentication (AFA) for cross-border “Card Not Present” (CNP) transactions. This initiative is designed to safeguard international transactions made with Indian-issued cards, making them as secure and resistant to fraud as domestic transactions.
As online shopping continues to grow and fraudulent activities become more common, this new security measure is anticipated to bolster consumer protection and enhance confidence in international digital transactions.
What is Additional Factor Authentication (AFA)?
Additional Factor Authentication (AFA) is a multi-step security process that requires cardholders to confirm their transactions using more than one method. This extra layer of security greatly minimizes the chances of unauthorized access and fraud in online transactions.
AFA in Domestic vs. International Transactions
Domestic Transactions:
- Previously, AFA wasmandatory only for domestic online transactionsin India.
- It typically involved anOTP (One-Time Password)sent to the registered mobile number orbiometric verification.
- The introduction of AFA indomestic paymentshas successfully reduced fraud and increasedconsumer confidence.
International Transactions:
- Until now,international transactionsusingIndian-issued cardsdid not require AFA.
- This created a security gap, making cross-border paymentsvulnerable to cyber threatsand fraud.
- With thisnew directive, RBI is now extendingAFA for international transactions, making them moresecure and reliable.
Why is AFA Needed for International Transactions?
With theboom in e-commerce, Indian consumers are makingmore frequent purchases from overseas merchants. However, these transactions, beingCard Not Present (CNP)payments, carryhigher risksdue to theabsence of physical verification.
Major Risks in International CNP Transactions
- Increased Fraud Risks:Without AFA,cybercriminalscan misuse card details for unauthorized transactions.
- Lack of Direct Merchant Verification:Unlike domestic transactions, where banks have strict security measures,cross-border merchantsmay not follow the same standards.
- Growing Digital Payments Trend:With an increasing number of Indians engaging inglobal e-commerce, security needs tomatch the evolving digital landscape.
Recognizing these risks, theRBI’s new directiveaims toclose the security gapand make international digital transactions as secure asdomestic payments.
RBI’s Proposed Changes for AFA in International Transactions
New Verification Measures
Under this proposal,Indian cardholdersmakinginternational online purchaseswill have to completean additional verification step, such as:
- OTP Verification:AOne-Time Password (OTP)sent to the user’s registered mobile number.
- Biometric Authentication:Transactions may requirefingerprint scansorfacial recognitionfor added security.
RBI’s Next Steps
- RBI willissue a draft circularto gatherfeedback from stakeholders, includingbanks, payment gateways, and merchants.
- Once finalized, theimplementation processwill begin, ensuring asmooth transitionfor consumers.
- This initiative is part of alarger RBI frameworktostrengthen the security of digital paymentsin India.
RBI’s Digital Payment Security Framework
To further improveonline transaction security, RBI introduced adigital payment security frameworklast year. This mandates the use of adynamically generated authentication factorfor everydigital transaction, except forcard-present transactions.
Three Types of Authentication Factors
RBI categorizes AFA intothree types, ensuring that each transaction remainsunique and protected:
- Something the user knows– Examples:Passwords, PINs
- Something the user has– Examples:ATM/Debit Cards, Mobile Devices
- Something the user is– Examples:Fingerprint, Facial Recognition
This multi-layered approach aims toeliminate fraudulent activities, ensuring that each transaction is authenticated througha unique security factorthatcannot be reused.
Impact of AFA on Indian Consumers
Enhanced Consumer Protection
By implementingAFA for international transactions, Indian consumers will benefit from thesame level of securitythat is already in place fordomestic digital payments.
Encouraging Global E-Commerce Participation
With improved security, Indian consumers may feelmore confidentin makinginternational purchases, leading togreater participationin the global e-commerce market.
Reduced Fraud & Unauthorized Transactions
This move willminimize online fraud, preventing cases wherestolen or leaked card detailsare used forunauthorized transactions.
Seamless Transition & Adoption
Banks and financial institutions will need toupgrade their verification systemsto align with theRBI’s new security guidelines. Consumers should stayupdatedon changes and ensure theircontact detailsare up to date to receive OTPs and verification alerts.
