
Matt Cooper, Head of Global Marketing

P: +44 (0) 7774 781695

E: matt@sekura.id

Principle-based frameworks for Authentication

How the Reserve Bank of India has called time out for the SMS OTP

In February of 2024, the Reserve Bank of India issued a rather important press release. Point 32 was especially interesting and has caused a stir in the SMS OTP community.

Titled “Principle-Based Framework for Authentication of Digital Payment Transactions”, it said: “Over the years, the Reserve Bank has proactively facilitated introduction of various mechanisms such as Additional Factor of Authentication (AFA) for securing digital payments. While no particular mechanism was specified by the Reserve Bank, SMS-based OTP has become very popular.”

“With technological advancements, however, alternative authentication mechanisms have emerged in recent years. Therefore, to facilitate the adoption of alternative authentication mechanisms for enhancing the security of digital payments, it is proposed to put in place a principle-based framework for authentication of such transactions.”

It’s worth pointing out that the RBI is sending out a strong signal that SMS OTP, while popular, is not going to be the two-factor authentication method of choice, and that principle-based methods should be considered going forward. It’s also worth noting that SMS stands for ‘Short Message Service’, not ‘Secure’: SMS has no security.

But what is a “principle-based framework for the authentication of digital payment transactions”?

It’s a set of guidelines and rules designed to ensure that digital payments are secure, reliable, and trustworthy. Instead of focusing on specific technologies or methods, it emphasises core principles that any authentication system should follow to protect users’ financial information and prevent fraud. These principles might include ensuring user identity, maintaining data privacy, and providing robust security measures against unauthorised access.

For those moving away from two-factor methods such as SMS OTP or authentication apps, there are far superior ways to authorise transactions.

How SAFr Auth Fulfils the RBI Requirements

SAFr Auth is a unique comprehensive authentication solution developed by Sekura.id. Here’s how it meets the key requirements of a principle-based framework for digital payment transactions:

1 User Identity Verification:

SAFr Auth uses cryptography similar to Passkeys, but the cryptographic key is already present in the SIM card and, unlike Passkeys, does not need to be set up. The cryptographic key and the algorithms use the SIM as secure hardware, whereas Passkeys rely on the security of the device. This ensures that the person making the transaction is genuinely the authorised user.

2 Data Privacy:

The system uses end-to-end encryption to protect user data. This means that the information is encoded in such a way that only authorised parties can read it, safeguarding users’ sensitive data from potential breaches.

3 Robust Security:

SAFr Auth incorporates multiple layers of security, including behavioural analytics and live, operator-based authentication. These layers provide an additional safety net, making it difficult for unauthorised users to gain access.

4 Compliance with Regulations:

SAFr Auth adheres to international security standards and regulations, ensuring that it meets the legal requirements for digital payment authentication. This compliance is crucial for building trust and reliability among users and regulatory bodies.

Why SAFr Auth is the Perfect Solution for Indian Companies

1 Competitive Advantage:

By integrating SAFr Auth, Indian companies can offer their customers a highly secure and user-friendly payment experience. This can differentiate them from competitors who may not provide the same level of security and convenience.

2 Market Trust:

With rising concerns about digital payment fraud, adopting a trusted solution like SAFr Auth can enhance customer confidence. When users feel their transactions are secure, they are more likely to choose those companies for their financial dealings.

3 Scalability:

SAFr Auth is designed to handle large volumes of transactions, making it suitable for businesses of all sizes. As Indian companies grow, they can rely on this solution to scale with their needs without compromising security.

4 Technological Leadership:

Implementing cutting-edge authentication technology positions Indian companies as leaders in innovation. This not only attracts tech-savvy customers but also sets a benchmark in the industry for others to follow.

Convinced? No? Find out why SAFr Auth is 13x better than SMS OTP

SAFr Auth aligns perfectly with the principles outlined in a framework for the authentication of digital payment transactions. Its robust features, regulatory compliance, and user-centric design make it an ideal choice for Indian companies looking to enhance security, build trust, and gain a competitive edge in the digital payment landscape.

Contact partners@sekura.id to find out more.