RBI mandates 2FA for all online payments from April

Business Mar 22, 2026

Big update for anyone who pays online:
Starting April 1, 2026, the Reserve Bank of India (RBI) will require two-factor authentication (2FA) for every digital payment: think passwords, OTPs, or even biometrics.
Whether you use a banking app or a mobile wallet, banks and fintechs will set up the extra security step to help keep your money safe.

New rules for international transactions

By October 1, 2026, card issuers must enable authentication for certain international online transactions, aligning with global payment security standards.
If issuers don't follow the guidelines and fraud happens, they'll have to compensate you.
For smoother checkouts, RBI is allowing risk-based checks, so things like your device or spending habits might decide if extra steps are needed.