India tightens digital payments safety with new BIS guidelines
What's the story
The Bureau of Indian Standards (BIS) has launched new guidelines to boost the security of India's digital payments system. The guidelines, which focus on biometric authentication, QR code-based transactions, and digital currency security, aim to reduce fraud risks and improve interoperability. This move comes in light of the rapid growth of India's digital financial ecosystem and the need to build confidence among developed economies where QR code payments are still a novelty.
Security measures
Concerns over fraud and data misuse
The introduction of biometric-based authentication systems and QR code transactions in India has raised concerns over fraud, identity theft, data misuse, and vulnerabilities in the digital payment infrastructure. With over 218 billion digital payment transactions through QR code scans and biometric authentication from April to February of FY26, regulators are now looking for a structured security framework to guide banks, fintech companies, and payment service providers.
International expansion
QR code-based payment system in international markets
India's QR code-based payment system is already operational in countries like Singapore, UAE, France, Nepal, Bhutan, Sri Lanka and Mauritius. The service is also set to launch in Japan soon. According to Finance Ministry data, digital payments worth ₹284.7 trillion were made from April to February of FY26.
Biometric security
Security framework for biometric financial services
As per a BIS order reviewed by Mint, one of the new standards lays down a security framework for biometric use in financial services. It includes requirements for secure biometric authentication systems, protection of biometric data, safeguards against spoofing or identity manipulation, secure storage and transmission of biometric information. The standard also sets protocols to ensure the integrity and reliability of authentication systems used by financial institutions.
Payment security
Guidelines for secure QR code payments
Another BIS standard focuses on security for code-scanning payment systems. The guideline provides advice on secure QR code generation, encryption practices, verification mechanisms and safeguards to prevent risks such as fake QR codes, payment redirection and unauthorized transaction processing. This is especially important given the widespread use of QR code-based payments in India's retail and small merchant ecosystem.
Digital currency security
New standards for digital currencies
BIS has also issued new standards to address security aspects related to digital currencies. The guideline lays down security considerations for digital currency infrastructure, including cryptographic safeguards, transaction validation processes, system resilience against cyber threats and risk management mechanisms for digital currency platforms. This is part of India's pilot central bank digital currency project which has seen over 120 million transactions worth over ₹280 billion.