Banking

RBI issues directions on Digital Payment Security Controls

18.02.2021

In order to set up a robust governance structure, RBI issues direction on Digital Payment Security Controls. The Master Direction provides necessary guidelines for the Regulated Entities (Scheduled Commercial Banks, Small Finance Banks, Payment Banks and Credit Card issuing NBFCs) to set up a robust governance structure and implement common minimum standards of security controls for digital payment products and services. The guidelines are technology and platform agnostic and shall create an enhanced and enabling environment for customers to use digital payment products in a more safe and secure manner.

The Master Direction consolidates important control aspects broadly in the following areas viz., Governance and Management of Security Risks, Generic Security Controls, Application Security Life Cycle (ASLC), Authentication Framework, Fraud Risk Management, Reconciliation Mechanism, Customer Protection, Awareness and Grievance Redressal Mechanism, specific controls related to Internet Banking, Mobile Payments Application Security Controls and Card Payments Security. The provisions of the directions shall apply to the Regulated Entities (REs) such as Scheduled Commercial Banks (excluding Regional Rural Banks), Small Finance Banks, Payments Banks; and Credit card issuing NBFCs.

The directions shall be called the Reserve Bank of India (Digital Payment Security Controls) directions, 2021. These directions shall come into effect six months from the day they are placed on the official website of the Reserve Bank of India (RBI). REs shall have trained resources with necessary expertise to manage the digital payment infrastructure. Multi-factor authentication methods are more reliable and stronger fraud deterrents and protects the confidentiality of payment data as well as enhance confidence in digital payment by combating various cyber-attack mechanisms.

Tags : Digital Payment Security Direction

Share :