The Reserve Bank of India has removed two-factor authentication — involving the use of one-time passwords sent to mobile phones — for online card transactions up to Rs 2,000 (US$29), Live Mint reports. “Discarding two-factor authentication is an opt-in service, which means that customers will have to specifically opt for it.” The move follows the withdrawal of Rs 500 (US$7) and Rs 1,000 ($14) notes.
- Apple Pay users in the US to get buy now pay later option with iOS 16
- BIS reports on CBDCs in emerging markets
- Moroccan bank launches biometric payment card
- US digital bank introduces contactless payments rings
- Riksbank completes digital currency payments pilot
This article is more than five years old
One comment on this article
Comments are closed.
“Nothing useful can be said about the security of a mechanism except in the context of a specific application and environment.” –Robert H. Courtney, Jr. His First Law.
While I am an advocate of strong authentication, requiring it to buy a hamburger is overkill. When I use my contactless card at McDonalds, McDonalds does not require a PIN.
On the other hand, when I use a mobile banking app on my iPhone, the app inherits the strong authentication (possession of the phone and the phone PIN) from the phone. Therefore, the bank allows me to opt out of using a one-time password when banking from that device (which the knows.
Note that, like most things about consumer strong authentication, whether