India has launched a sharp clampdown on online payment scams, ordering tougher checks and new rules that aim to cut the rising tide of fraud. Based on reports, regulators and payment networks moved after authorities recorded big jumps in both the number of cases and the money lost to scams last year.
The framework mandates two-factor authentication for all digital payments, though no specific method is enforced.
One of the headline changes is a requirement for two-factor authentication for payments, set to come into effect on April 1, 2026. Banks and payment firms will need to apply at least two methods of ID for transactions — such as biometrics, device tokens, or passphrases — while SMS OTPs will still be allowed in some cases.
A special Cyber Fraud Mitigation Centre and the Indian Cyber Crime Coordination Centre will coordinate responses, and a suspect registry drawn from the national cybercrime portal is being used to track suspicious accounts and identities.
Banks and small operators that run Aadhaar-enabled payment services will face stricter due diligence requirements for their agents and terminals.
Banks and tech providers must upgrade systems to run the extra checks and keep records. That will add cost and complexity, especially for smaller firms and rural operators that rely on older devices.
Users may face more steps when they pay, particularly for cross-border or unusual transactions. Reports warn that fraudsters often change tactics after rules tighten, so the measures will need constant review and active enforcement to stay effective.
Featured image from Unsplash, chart from TradingView
