Digital Security and Cybersecurity in Payments: The RBI's Latest Measures

A fascinating account of India's transition to digital payments may be found in the Reserve Bank of India's most recent bulletin. As we study the February 2025 bulletin, several groundbreaking changes emerge.

Let's get started.

1. Improving Digital Security: The Importance of Taking Action

Security risks are changing at an alarming rate due to the quick growth of digital financial services. Convenience and efficiency have been made possible by digitalisation, but fraud and cyberthreats have also increased. The Reserve Bank of India (RBI) is aware of this and continuously implementing policies to strengthen the banking and payments sector.

Important Takeaways:

• To increase security, the RBI has made Additional Factor of Authentication (AFA) mandatory for domestic digital payments.
• In order to provide comparable security for cross-border transactions, it now suggests extending AFA to international online payments made to offshore merchants.
• Registration for the RBI's protected domain "bank.in," which is only available to Indian banks, will open in April 2025. 'fin.in' for financial sector organisations will come next, with the shared goal of reducing phishing threats and enhancing cybersecurity.
• In order to better identify and address security threats, banks and NBFCs need to strengthen their cyber resilience.

Why This Matters: With fewer fraud attempts, more consumer protection, and safe online transactions, these steps translate into increased trust in digital payments for regular consumers.

Customers will find it easier to validate banking websites, which will lessen the possibility that they may become victims of phishing frauds. In turn, financial institutions will have a more secure online identity, which will make it much more difficult to carry out fraud attempts.

In my view, The RBI is extending AFA to international online transactions for cards issued in India, marking a significant evolution in cross-border payment security. This will apply specifically to merchants enabled for such authentication, creating a unified security approach across domestic and international digital payments. Also, The dedicated domains ('bank.in' and 'fin.in') will help ensure that users interact with authentic banking platforms, reducing phishing scams.

2. Trends in Digital Payments: Development and Uptake

• The RBI's Digital Payment Index, which measures the ongoing pace of digital transactions, hit 465.3 in September 2024. But security issues still exist.
• In spite of rising transaction volumes, UPI system efficiency has increased and technical problems have decreased. PSBs displaying a higher percentage of transaction volume
• With 98% of e-commerce transactions now being completed without actual card details, card tokenisation acceptance is growing and lowering the risk of data breaches.

The high rate of tokenisation adoption and better technical performance, in my opinion, point to a mature digital payment infrastructure; nonetheless, performance differences amongst bank groups point to continued consolidation.

3. Evolution of the Regulatory Framework

The RBI is fortifying its regulatory structure by:

• Implementation of a mobile number revocation list
• Security is further strengthened by standard operating procedures for transactional communications and a dedicated numbering series for transactional calls.
• revised framework for financial penalties under the 2007 Payment and Settlement Systems Act
• Enhancing Payment Systems: Secure Digital Transactions

Concluding Remarks: Secure Digital Payments' Future

The Indian digital payments landscape is entering a new phase of maturity, characterized by enhanced security measures and standardized operational frameworks. The combination of international AFA implementation and exclusive banking domains positions India as a pioneer in comprehensive digital payment security.

These advancements point to a clear path towards a digital payments infrastructure that is more safe, effective, and internationally linked. The proactive measures taken by the RBI demonstrate its dedication to creating a strong, fraud-proof digital payments infrastructure, while balancing innovation with security.