News

RBI Makes AePS Payments Safer, Issues New Digital Payment AFA Framework

RBI proposes new guidelines for AePS touchpoint operators and sets up a framework governing additional factor authentication (AFA) for digital payments.

RBI Makes AePS Payments Safer, Digital Payment AFA Framework, Reserve Bank Of India
info_icon

The Reserve Bank of India (RBI) issued a draft circular on July 31, 2024, outlining the proposed due diligence that banks should carry out to verify Aadhar-enabled Payment System (AePS) touchpoint operators. It also issued a framework proposing new methods for digital payment authentication and rules governing it. 

On the AePS touchpoint operator guidelines RBI said, in recent times, there has been fraud perpetuated through AePS due to identity theft or compromise of customer credentials which makes the framework necessary.

Who Are Touch Point Operators?

AePS (Aadhaar-enabled Payment System) touchpoint operators are entities or individuals that operate in rural and semi-urban areas, providing essential banking services such as withdrawals, fund transfers etc using an Aadhaar number and biometric authentication.

New Proposals: The Reserve Bank of India has proposed streamlining the onboarding process of AePS Touchpoint Operators to enhance the safety of the Aadhaar Enabled Payment System (AePS). RBI proposed that operators who have not performed any financial transactions for six months will need to undergo a KYC update before further enabling their operations. AePS touch-point operators must be monitored on an ongoing basis by banks that have acquired them and all the agents must adhere to National Payment Corporation of India (NPCI) regulations. Additionally, each AePS touchpoint operator can only be onboarded by one acquiring bank which banks and NPCI must ensure.

Says Yashwant Lodha, Co-Founder, of PayNearby, "The RBI draft guidelines requiring stringent agent onboarding checks, the Re-KYC post-inactivity and risk profile-based limits are positive steps towards fraud control. We request RBI to consider permitting a backup bank option at the AePS touchpoint to ensure that customers who approach a BC agent are not deprived of service if an acquiring system is down." 

Alternative Methods For AFA

In another release, the Reserve Bank of India issued a draft titled "Framework on Alternative Authentication Mechanisms for Digital Payment Transactions." The proposal suggests alternative methods of additional factor authentication (AFA) for digital payments, including passwords, PINs, software tokens, and biometrics such as fingerprints.

RBI said, "No specific factor was mandated for authentication, but the digital payments ecosystem has primarily adopted SMS-based OTP as AFA. While OTP is working satisfactorily, technological advancements have made available alternative authentication mechanisms."

RBI mandated that all digital payment transactions, except card-present transactions, must ensure that one of the factors of authentication factors is dynamically generated after the payment initiation. This factor must be specific to that transaction not to be reused.  According to the new framework, small value card-present transactions below Rs 5,000, e-mandates for recurring transactions such as credit card bill payments, mutual funds, and insurance premium payments, digital toll payments, and offline transactions up to Rs 500 are the only transactions exempt from AFA.