Starting April 1, the Reserve Bank of India (RBI) has rolled out stricter digital payment rules aimed at improving security and reducing fraud across digital payments.

Under the new framework, all digital transactions must be authenticated using at least two independent factors. This means one-time passwords (OTPs) alone will no longer be sufficient, and users will need an additional verification step such as a PIN, password, biometric authentication or secure token.

The RBI has also introduced a risk-based authentication system. Routine or low-value transactions from trusted devices may remain quick, while higher-value payments or transactions from new devices could require additional verification layers.

The move comes amid rising concerns around OTP-related frauds such as phishing and SIM swap scams, with the central bank pushing for stronger safeguards.

In addition, banks and payment platforms will face stricter accountability. If fraud occurs due to system lapses, they may be required to compensate users and ensure faster resolution of complaints.

Additionally, some operational changes have also been introduced in the UPI ecosystem, including limits on balance checks and revised timings for auto-debit transactions to reduce system load.