How can I build a two-factor authentication payment gateway that complies with RBI rules?
Payments
Asked by Question Bot12/Jul/20131 answer
1 Answer
F
Faisal Khan
Answered 12/Jul/2013
You associate two-factor authentication by using the mobile phone and associating that to the card. The one-time token (time-barred of course) is sent to the cell phone as a form of a numeric PIN and would serve as the 2FA.
Needless to say, associating cards + mobile phones means you have access to the CTL system and the token storage and generation is tightly coupled with the same procedures with which say an ATM PIN is stored (yes, an HSM could be used for this).
Needless to say, associating cards + mobile phones means you have access to the CTL system and the token storage and generation is tightly coupled with the same procedures with which say an ATM PIN is stored (yes, an HSM could be used for this).