The public comment period for the draft will remain open until March 10, 2025, with implementation scheduled three months after the final circular is issued.The proposed framework requires card issuers to register their Bank Identification Numbers (BINs) with card networks for AFA validation. Financial institutions must establish risk-based mechanisms for managing international transactions and implement advanced encryption methods and AI-based fraud detection systems.
“The surge in digital frauds is a matter of concern and warrants action,” stated RBI Governor Sanjay Malhotra, highlighting the urgency of the initiative.
The move comes as part of a broader cybersecurity enhancement strategy by the RBI, which includes the introduction of exclusive ‘.bank.in’ and ‘.fin.in’ domain names for Indian banks and financial institutions starting April 2025. These domain names are designed to help customers identify legitimate banking websites and reduce phishing risks.
The proposal builds upon India’s existing digital payment security infrastructure, which has seen significant development in recent years. The country has already established itself as a leader in digital payments, with its Unified Payments Interface (UPI) system being adopted by other countries for cross-border transactions.
BankBazaar.com CEO Adhil Shetty endorsed the initiative, noting that “AFA such as OTPs for digital payments have played a significant role in preventing fraud.” He particularly emphasized the measure’s importance given the increasing frequency of foreign-origin phishing attacks and online scams targeting Indian cardholders.
These security enhancements align with the RBI’s Payments Vision 2025, which seeks to create a more secure and seamless experience for both domestic and cross-border transactions while maintaining the balance between security and convenience in digital payments.
Sources: TICE News, CNBC TV18, TaxGuru, Fortune India
–
February 10, 2025 – by Ali Nassar-Smith
Follow Us