RBI new rules from April 1: OTP alone inadequate; banks liable to compensate for fraud losses

Under the new framework, banks will follow strict security rules and if fraud occurs due to system failures or lapses, they will be responsible to compensate users

Our Web Desk Published 01.04.26, 02:51 PM

Representational image. File image

Starting April 1, 2026, several key changes to digital payments and banking rules have come into effect in India, as the Reserve Bank of India moved to tighten security norms and curb rising fraud risks.

Under the new framework, two-factor authentication (2FA) will become mandatory for all digital transactions, meaning One-Time Passwords (OTPs) alone will no longer be enough to complete transactions.

Every payment will have to go through two verification steps, which can include a PIN, password or biometric verification.

The move comes in response to the growing risks associated with OTP-based systems.

These fraud risks have exposed gaps in the system, with increasing instances of phishing, SIM swap scams and other cyber scams.

Keeping in mind that security should come with convenience, banks will make low-risk transactions from trusted devices, quick and seamless, whereas high-risk large payments or payments from new devices may trigger additional verification steps, reported NDTV.

According to sources, many banking applications are expected to transition to secure, encrypted in-app notification approvals to replace traditional SMS codes, which increase vulnerability.

The RBI has also increased accountability for bank and payment platforms.

Banks will have to follow strict security rules and if fraud occurs due to system failures or lapses, they will be responsible to compensate users. Faster resolution of fraud-related complaints will also be a priority.

For cross-border payments including international card payments, RBI has specified similar authentication rules. The implementation of these rules is expected by October 2026, ensuring the same level of safety for both domestic and global transactions.

The digital payment feature has been growing rapidly in India, in the last few years. This has led to an increase in fraud risks, which triggered a need for these new rules to reduce cyber fraud and scams. Aimed at building people's trust in digital payment systems, this will strengthen the safety of UPI and card payments.

RBI new rules from April 1: OTP alone inadequate; banks liable to compensate for fraud losses

Under the new framework, banks will follow strict security rules and if fraud occurs due to system failures or lapses, they will be responsible to compensate users

RELATED TOPICS

Sounds of explosion outside BJP office in Chandigarh, police cordon off area

Iran leader calls for ceasefire; until 'Hormuz is open, clear; will blast Iran' says Trump

India has adequate seeds, fertiliser stocks for Kharif season, says Centre

While common citizens are hoping for relief, BJP remains focused on looting the public

Pakistan not just ‘messenger boy’, its plan with China to end US-Israel war on Iran shows

Leander Paes joins Babul Supriyo, Mithun Chakraborty in Bengal’s ‘celebrity defectors’ list

KitKat heist memes: Domino’s, Penguin, Kerala Tourism turn theft into ad pitch

Middle East war: Maruti Suzuki says higher input costs may lead to price hike

Summer just got worse: Kolkata pools to shut as chemicals dry up in Iran war ripple effect

Stock markets begin FY27 on a high, Sensex surges 1,186 points, Nifty nears 22,700

Donald Trump considers Nato exit after allies withhold support on Iran action: Report

Transgender Bill gets presidential assent, here's what is at stake for queer people