HID has announced its readiness to support Indian banks and payment service providers in complying with the Reserve Bank of India’s (RBI) new authentication framework for digital payments, which came into effect on April 1, 2026. The directive mandates stronger multi-factor authentication (MFA) and signals a decisive shift away from SMS OTP-based systems.
The RBI’s updated guidelines require at least two independent authentication factors, including one dynamic element, while encouraging adoption of advanced methods such as device-bound credentials and biometric verification. The move comes amid rising incidents of phishing, SIM-swapping, and social engineering attacks that have exposed the limitations of traditional OTP-based security.
“The RBI’s updated directions are a landmark step for India’s digital payments security. By moving beyond SMS OTPs and embracing standards-based authentication, India is aligning with global best practices.” — Edwardcher Monreal, Principal Solutions Architect, HID
HID is addressing these challenges with its FIDO-based authentication solutions, which leverage public key cryptography and device-bound passkeys. This approach eliminates reliance on shared secrets like passwords and OTPs, instead combining device possession with biometric or PIN-based verification to deliver phishing-resistant security.
By anchoring authentication to the user’s device, HID enables banks to significantly reduce fraud risks while improving the customer experience. The passkey-based model ensures faster, seamless transactions without compromising security, aligning with the RBI’s push for stronger yet user-friendly authentication mechanisms.
The company’s platform also supports risk-based and adaptive authentication, allowing financial institutions to apply enhanced security measures for high-risk transactions based on behavioral and contextual signals. Built on open FIDO standards, the solution ensures interoperability across devices, operating systems, and applications helping banks avoid vendor lock-in while meeting regulatory requirements.
HID noted that India’s move reflects a broader global trend, with regulators increasingly recognizing the need to move beyond shared-secret authentication models. Similar initiatives are being seen across regions such as Europe, Singapore, and Australia, as financial ecosystems strengthen defenses against evolving cyber threats.
With its passkey and passwordless authentication solutions now available, HID is positioning itself as a key enabler for banks and fintechs transitioning to secure, scalable, and future-ready digital payment authentication frameworks.