In a major step towards improving digital payment security, the Reserve Bank of India (RBI) has revealed plans to introduce Additional Factor Authentication (AFA) for cross-border “Card Not Present” (CNP) transactions. This initiative is designed to safeguard international transactions made with Indian-issued cards, making them as secure and resistant to fraud as domestic transactions.
As online shopping continues to grow and fraudulent activities become more common, this new security measure is anticipated to bolster consumer protection and enhance confidence in international digital transactions.
What is Additional Factor Authentication (AFA)?
Additional Factor Authentication (AFA) is a multi-step security process that requires cardholders to confirm their transactions using more than one method. This extra layer of security greatly minimizes the chances of unauthorized access and fraud in online transactions.
AFA in Domestic vs. International Transactions
Domestic Transactions:
- Previously, AFA was mandatory only for domestic online transactions in India.
- It typically involved an OTP (One-Time Password) sent to the registered mobile number or biometric verification.
- The introduction of AFA in domestic payments has successfully reduced fraud and increased consumer confidence.
International Transactions:
- Until now, international transactions using Indian-issued cards did not require AFA.
- This created a security gap, making cross-border payments vulnerable to cyber threats and fraud.
- With this new directive, RBI is now extending AFA for international transactions, making them more secure and reliable.
Why is AFA Needed for International Transactions?
With the boom in e-commerce, Indian consumers are making more frequent purchases from overseas merchants. However, these transactions, being Card Not Present (CNP) payments, carry higher risks due to the absence of physical verification.
Major Risks in International CNP Transactions
- Increased Fraud Risks: Without AFA, cybercriminals can misuse card details for unauthorized transactions.
- Lack of Direct Merchant Verification: Unlike domestic transactions, where banks have strict security measures, cross-border merchants may not follow the same standards.
- Growing Digital Payments Trend: With an increasing number of Indians engaging in global e-commerce, security needs to match the evolving digital landscape.
Recognizing these risks, the RBI’s new directive aims to close the security gap and make international digital transactions as secure as domestic payments.
RBI’s Proposed Changes for AFA in International Transactions
New Verification Measures
Under this proposal, Indian cardholders making international online purchases will have to complete an additional verification step, such as:
- OTP Verification: A One-Time Password (OTP) sent to the user’s registered mobile number.
- Biometric Authentication: Transactions may require fingerprint scans or facial recognition for added security.
RBI’s Next Steps
- RBI will issue a draft circular to gather feedback from stakeholders, including banks, payment gateways, and merchants.
- Once finalized, the implementation process will begin, ensuring a smooth transition for consumers.
- This initiative is part of a larger RBI framework to strengthen the security of digital payments in India.
RBI’s Digital Payment Security Framework
To further improve online transaction security, RBI introduced a digital payment security framework last year. This mandates the use of a dynamically generated authentication factor for every digital transaction, except for card-present transactions.
Three Types of Authentication Factors
RBI categorizes AFA into three types, ensuring that each transaction remains unique and protected:
- Something the user knows – Examples: Passwords, PINs
- Something the user has – Examples: ATM/Debit Cards, Mobile Devices
- Something the user is – Examples: Fingerprint, Facial Recognition
This multi-layered approach aims to eliminate fraudulent activities, ensuring that each transaction is authenticated through a unique security factor that cannot be reused.
Impact of AFA on Indian Consumers
Enhanced Consumer Protection
By implementing AFA for international transactions, Indian consumers will benefit from the same level of security that is already in place for domestic digital payments.
Encouraging Global E-Commerce Participation
With improved security, Indian consumers may feel more confident in making international purchases, leading to greater participation in the global e-commerce market.
Reduced Fraud & Unauthorized Transactions
This move will minimize online fraud, preventing cases where stolen or leaked card details are used for unauthorized transactions.
Seamless Transition & Adoption
Banks and financial institutions will need to upgrade their verification systems to align with the RBI’s new security guidelines. Consumers should stay updated on changes and ensure their contact details are up to date to receive OTPs and verification alerts.
