Digital Payments Fraud Prevention

India Cracks Down on ‘Alarming’ Digital Payments Fraud With Strict New Rules
Yahoo Finance· 2025-09-25 20:32
Core Viewpoint
- The Reserve Bank of India (RBI) has introduced new rules to enhance authentication standards for digital payments to combat increasing fraud in the sector [1][2].

Group 1: New Regulations
- The guidelines, effective from April 1, 2026, require all payment system providers to implement dynamic authentication for digital transactions, building on existing two-factor authentication norms [2][4].
- The RBI mandates that authentication credentials, such as SMS-based one-time passwords (OTPs), biometric data, or hardware tokens, must be unique for each transaction to prevent reuse [3][5].

Group 2: Compliance and Responsibilities
- Card issuers will be responsible for validating non-recurring cross-border "card-not-present" transactions starting October 1, 2026, and must implement risk-based checks for these payments [4][7].
- In cases of non-compliance leading to losses, issuers are required to fully compensate affected customers [4].

Group 3: Data Protection and Interoperability
- All authentication mechanisms must comply with the Digital Personal Data Protection Act, 2023, ensuring consumer data protection [5].
- The framework promotes interoperability, requiring that tokenization and authentication services be accessible across various devices and applications [5][6].

Group 4: Risk-Based Approach
- The RBI encourages a risk-based approach to authentication, assessing transactions based on behavioral and contextual parameters such as user location and historical spending patterns [6].
- High-risk transactions may require additional verification layers, with DigiLocker suggested as a platform for customer notifications [6].