While maintaining the mandatory two-factor authentication requirement, the framework moves away from a mere one-time password (OTP) approach to a framework that customises checks based on the transaction’s level of risk. Experts said the move, which aims to strengthen security while lowering consumer friction, is long overdue in India’s rapidly growing digital payments ecosystem.