As India’s Digital Payments Go Global, Authentication Faces Its Biggest Test Yet

India’s digital payments story is no longer a domestic narrative. With cross-border UPI transactions rising more than twenty-fold in just a year—jumping from 37,060 transactions in FY24 to 7.55 lakh in FY25—the country is shaping the conversation around real-time and inclusive global payments. But this rapid scale has also produced a new wave of risk. Digital payment frauds in India grew 85% last year, resulting in losses exceeding ₹4,245 crore across 2.4 million cases.

For Tapesh Bhatnagar, Head of Digital Solutions at Giesecke+Devrient (G+D), the scale of this shift is unmistakable. “The speed of digital payments has outpaced the evolution of authentication,” he says. “The challenge now is building security layers that match the velocity at which India is innovating.”

G+D, a 172-year-old security technology company headquartered in Munich, has been present in India for over two decades. It operates across currency technology, digital payment security, card issuance, and identity solutions. But Bhatnagar is quick to point out that the company’s relevance today is tied less to its history and more to the changes sweeping across India’s financial ecosystem. “India has become one of the most dynamic markets for secure digital transactions,” he notes. “What happens here increasingly influences global thinking.”

Cards Are Still Growing—But Security Is the Real Priority

For all the growth of UPI, physical card issuance shows no sign of slowing down. Banks continue to issue cards at record levels, and personalization formats such as metal cards and sustainable materials are gaining traction. Yet, Bhatnagar stresses that the real action is happening in digital channels, where mobile, tap-and-pay, and in-app card payments are expanding rapidly.

“With every increase in digital payment volumes, the attack surface expands too,” he says. “Banks are looking for deeper, more resilient security mechanisms, especially for e-commerce and high-value transactions.”

The RBI Push Beyond OTP Is Reshaping the Landscape

One reason for this urgency is the RBI’s shift away from relying only on SMS OTP, which has served as the backbone of India’s two-factor authentication for more than a decade. A series of regulatory updates, culminating in the September 2025 directive, requires banks to adopt authentication frameworks beyond OTP by April 2026.

Bhatnagar calls this transition essential rather than optional. “OTP has served its purpose, but it’s fundamentally vulnerable,” he says. “It can be intercepted, spoofed, or simply tricked out of a customer. You can’t build the next decade of digital payments on something so easy to compromise.”

The RBI’s new framework emphasises three principles: using two independent authentication categories, ensuring that each authentication is uniquely tied to the device and transaction, and ensuring that security holds even if one factor fails. For banks, this means rethinking long-standing flows that relied on passwords or SMS alone.

Passkeys: The Quiet Shift Already Underway

According to Bhatnagar, the most viable alternative emerging today is the passkey, based on global FIDO standards. Passkeys remove the dependency on shared secrets—no passwords to steal and no OTPs to intercept. Authentication instead happens using cryptographic keys stored on the user’s device, with biometric verification tied to the specific transaction.

“Passkeys solve the fundamental weakness in the current system,” he explains. “They are phishing-resistant by design. Even if a fraudster tricks you, there is nothing transferable that can be stolen.”

The shift is already visible worldwide, with major technology platforms and card networks supporting passkeys by default. In India, banks and processors have begun pilots, and Bhatnagar expects meaningful adoption within the next 18 to 24 months. The transition, he argues, will be smoother than many expect because nearly a third of Indian users already authenticate everyday actions—unlocking phones, authorizing payments—through biometrics.
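The properties described above (no shared secret, phishing resistance, and binding to the specific transaction) can be seen in a simplified model of the issuer-side check. This is an added example, not code from G+D, the RBI, or any FIDO library; the origin `https://bank.example`, the function names, and the sample payment are assumptions, and the real WebAuthn message layout is reduced to its core.

```javascript
const crypto = require('node:crypto');

const RP_ORIGIN = 'https://bank.example'; // assumed issuer origin (hypothetical)

// The challenge commits to the exact payment, so a signature over it
// cannot be reused for a different payee or amount.
function txChallenge(tx, nonce) {
  const canonical = JSON.stringify([tx.payee, tx.amount, tx.currency, nonce]);
  return crypto.createHash('sha256').update(canonical).digest('hex');
}

// Device side, simplified: the browser (not the page) records the origin,
// and the private key never leaves the device. Real WebAuthn signs
// authenticatorData || SHA-256(clientDataJSON); that layer is omitted here.
function signAssertion(privateKey, origin, challenge) {
  const clientData = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  return { clientData, signature: crypto.sign('sha256', clientData, privateKey) };
}

// Issuer side: only the registered public key is stored, nothing secret.
function verifyAssertion(publicKey, a, tx, nonce) {
  if (!crypto.verify('sha256', a.clientData, publicKey, a.signature)) return 'bad-signature';
  const cd = JSON.parse(a.clientData.toString());
  if (cd.type !== 'webauthn.get') return 'bad-type';
  if (cd.origin !== RP_ORIGIN) return 'wrong-origin';
  if (cd.challenge !== txChallenge(tx, nonce)) return 'transaction-mismatch';
  return 'ok';
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const tx = { payee: 'merchant-123', amount: '4999.00', currency: 'INR' }; // constructed
  const nonce = crypto.randomBytes(16).toString('hex');
  const challenge = txChallenge(tx, nonce);
  const lookalike = 'https://bank-example.test'; // constructed phishing origin
  const genuine = signAssertion(privateKey, RP_ORIGIN, challenge);
  const phished = signAssertion(privateKey, lookalike, challenge);
  // Rewriting the origin after signing invalidates the signature.
  const forged = { ...phished, clientData: Buffer.from(
    phished.clientData.toString().replace(lookalike, RP_ORIGIN)) };
  return {
    genuine: verifyAssertion(publicKey, genuine, tx, nonce),
    phished: verifyAssertion(publicKey, phished, tx, nonce),
    forged: verifyAssertion(publicKey, forged, tx, nonce),
    otherTx: verifyAssertion(publicKey, genuine, { ...tx, amount: '49990.00' }, nonce),
  };
}

console.log(demo());
```

An approval captured on a lookalike site is rejected for its origin, and a valid approval presented against a changed amount is rejected for its challenge, which is the difference from an OTP that works wherever it is typed.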

Biometrics Will Drive the Next Wave of E-Commerce Authentication

One of the biggest changes may be felt in e-commerce. Today, an online card payment typically ends in a browser window waiting for an OTP. Soon, this flow may disappear. Instead, the user will receive a push notification from their bank app and approve the transaction with a biometric scan.

“It removes friction and eliminates the weakest part of the journey,” Bhatnagar says. “When you remove OTP drop-offs, approval rates improve, and fraud attempts fall sharply.”

E-commerce platforms and fintech players are preparing for this shift by aligning with issuer banks, who will serve as the core authentication hubs in the new model.

Can Frauds Actually Reduce?

When asked if India’s fraud burden can realistically drop in the next few years, Bhatnagar is unequivocal. “Yes, absolutely,” he says. “Once authentication becomes device-bound and biometric-first, social engineering loses most of its power. You can’t trick someone into handing over something that no longer exists.”

He argues that as long as the industry relies on shared secrets—passwords, PINs, OTPs—fraudsters will find ways to exploit human behavior. The move toward cryptographic and biometric authentication closes that gap.

Beyond Passkeys: The Rise of Behavioural Biometrics

While passkeys represent a major shift, Bhatnagar is equally interested in behavioural biometrics, which analyze how a person interacts with their device—how they hold it, type, or swipe. These patterns create a continuous authentication layer that runs silently in the background.

“Behaviour is almost impossible to fake,” he says. “Even if someone has your device, they cannot mimic how you use it.”

Combined with AI-driven risk scoring, behavioural analytics enables real-time detection of anomalies and dynamic step-up challenges only when needed. Industries beyond banking—insurance, retail, digital commerce—are expected to follow the same path as they move away from OTP-heavy flows.

The Next Phase of India’s Payments Growth

India’s ambition to lead the world in real-time, low-cost, cross-border payments is clear. But achieving that vision at scale requires trust, and trust depends on secure authentication that keeps pace with innovation.

“Speed is important, and scale is important,” Bhatnagar says. “But secure scale is what defines leadership. India is heading in that direction, and the authentication shift underway today will decide how strong the foundation really is.”

As India’s digital and global payments footprint expands, the next chapter will not be defined merely by how fast transactions move—but by how safely they do.
