Call: +91 944 851 6023
info@shivacooperativebankltd.com
ಕನ್ನ಑
RBI Cyber Security & Digital Banking Guidelines (India)

The Reserve Bank of India (RBI) has issued multiple guidelines and directions to strengthen cyber security, fraud prevention, and digital payment safety across banks and digital payment systems in India. These aim to protect customers, banks, and payment ecosystem participants from evolving cyber threats.

Two-Factor (Multi-Factor) Authentication for Digital Payments
  • RBI mandates enhanced authentication standards for all digital payments.
  • Every digital payment transaction must be secured using at least two distinct factors of authentication.
  • At least one of these factors must be dynamic and unique to each transaction to reduce fraud risk.
  • This rule enhances protection against unauthorised access and transaction fraud.
  • These provisions are part of the RBI (Authentication Mechanisms for Digital Payment Transactions) Directions, 2025 effective from April 1, 2026.
Risk-Based Authentication Flexibility
  • Along with the 2FA mandate, RBI allows payment system providers and banks to adopt risk-based checks.
  • This means additional security checks can be applied dynamically for higher-risk transactions.
  • Banks can choose appropriate security technology beyond basic authentication based on transaction risk assessment.
Cyber Resilience &
Digital Payment Security Controls
  • RBI has released detailed Master Directions on Cyber Resilience and Digital Payment Security Controls for payment system operators (PSOs) including banks and non-bank providers. These include:
  • Governance frameworks for cyber risk management
  • Baseline security measures for data protection, secure application development, vendor risk controls
  • Incident reporting and response processes
  • Real-time fraud monitoring and transaction anomaly detection
  • Timelines for compliance varying by provider size (large, medium, small)
  • These norms aim to strengthen the overall digital payments ecosystem against cyber threats.
Mandatory Incident Reporting
  • Banks and payment providers must promptly report cyber security incidents such as:
  • Cyber - attacks
  • Data Breaches
  • System otages
  • Fraud attempts
  • To RBI and relevant authorities like CERT-In under regulatory guidelines. Prompt reporting enables faster mitigation and regulatory support
Domain Security Initiative (Phishing Mitigation)
  • To reduce fraud via deceptive/fake banking websites, RBI has initiated an exclusive β€œ.bank.in” domain for regulated Indian banks.
  • Use of this domain helps customers identify authentic banks online and reduces phishing attacks.
  • The Institute for Development and Research in Banking Technology (IDRBT) manages this domain rollout.
Key Takeaways for Customers
  • RBI mandates enhanced authentication standards for all digital payments.
  • Always use official bank digital platforms β€” mobile apps and websites.
  • Protect your passwords, OTPs, and PINs.
  • RBI guidelines are designed to ensure secure, resilient digital banking for all users.
  • Enhanced authentication and security controls help reduce fraud and protect your money.