Banks Stick with OTPs Slow to Adopt RBIs New Payment Security Methods
Posted on by Nikhil Satish Pawar

Banks Stick with OTPs, Slow to Adopt RBI’s New Payment Security Methods


Banks often cling to existing technologies, as the saying goes, “If it ain’t broke, don’t fix it.” The National Payments Corporation of India (NPCI) enforces changes for Unified Payments Interface (UPI) transactions, but banks must individually implement updates for other payment methods.

One startup, Minkasu Pay, is pushing for biometric solutions as an alternative to OTPs. Based in Silicon Valley, Minkasu provides a biometric system that integrates with payment gateways. However, this solution is currently limited to net banking and faces challenges in scaling to card payments. The company is seeking $15 million in funding to meet growing demand.

Biometrics offer a potential solution to OTP’s shortcomings, such as delivery failures. Still, implementing biometric systems poses legal and compliance challenges. Banks must navigate new liability issues, especially in cases of payment failures or fraud. For instance, responsibility for customer losses due to implementation errors at the merchant’s end is still a concern.

New biometric solutions, such as those offered by Wibmo and Minkasu Pay, could address these issues. Wibmo’s system, introduced at the Global Fintech Festival, does not require the card-issuing bank’s app. Minkasu has partnered with M2P to integrate its solution with banking systems, though many implementations are still in the pilot phase.

Challenges also include the need for universal solutions that work across various devices, including desktops. Unlike OTPs, biometric systems require customer devices for authentication, complicating integration.

In contrast, UPI does not use OTPs and instead relies on device binding and a customer PIN, which is static but secure. NPCI is also exploring biometrics for UPI to enhance security further. Meanwhile, banks are considering other options like risk-based authentication and behavioral analytics, though these are mainly used for alerting customers rather than processing payments.

Overall, while the RBI’s push for more secure authentication methods is underway, widespread adoption and integration remain complex and gradual processes.