Building a secure digital India: Why RBI’s new mandates could redefine cyber resilience

India’s rapid digital acceleration — powered by UPI, mobile banking, and telecom-led innovation — has brought both convenience and complexity. But with this growth comes an unavoidable challenge: cyber risk. Fraud, data breaches, and increasingly sophisticated attacks are eroding trust at a time when consumers and enterprises alike are relying more than ever on digital platforms.

Against this backdrop, the Reserve Bank of India’s (RBI) new authentication guidelines, slated for rollout in 2026, could mark a turning point. By encouraging banks and fintechs to move beyond the traditional one-time password (OTP) and explore alternative, risk-based authentication models, the regulator is signaling a shift toward layered, contextual security.

RBI’s move to mandate two-factor authentication beyond SMS is a clear signal that India’s digital payments ecosystem is maturing into a zero-trust architecture. “The real innovation lies in risk-based authentication — adaptive, context-aware, and invisible unless something looks suspicious ...