RBI mandates 2-factor authentication for all digital payments

Business Mar 25, 2026

Big update: Starting April 1, 2026, the RBI will make two-factor authentication (2FA) a must for all digital payments, whether you're using cards, UPI, or wallets.
Instead of just an OTP, you'll need to confirm transactions with two different methods, such as a PIN and a fingerprint or device binding.
This is meant to make online payments safer and cut down on scams such as phishing and SIM swaps.

Banks will be responsible for frauds

If banks don't follow these new rules and fraud happens, they'll be held responsible.
The RBI is also rolling out these tougher standards for cross-border card transactions by October 1, 2026, so international payments will get the same level of protection as those in India.