In an attempt to tackle the menace of digital payments outages, frauds and cyber crimes, the Reserve Bank of India (RBI) has published a comprehensive set of guidelines for non-banking financial companies (NBFCs), banks and payments service providers.
All such RBI-regulated entities have been given six months to comply with the new guidelines. Under its ‘Master Direction on Digital Payment Security Controls’, the central bank has urged financial institutions, including scheduled commercial banks, small finance banks, payment banks and credit card-issuing NBFCs, to set up a robust governance structure and implement common minimum standards of security controls for digital payment products and services.
Furthermore, RBI claimed that its guidelines are technology and platform agnostic, which will help banks and fintech players increase adoption of digital payment products in a safer and more secure manner.
The guidelines also delve deep into various aspects, including governance and management of security risk, generic security controls, authentication framework, application security life cycle (ASLC), fraud risk management, reconciliation mechanism, awareness and grievance redressal mechanism, customer protection, and other controls related to internet banking, mobile payment application security controls and card payments security.
“These directions shall come into effect six months from the day they are placed on the official website of the Reserve Bank of India (RBI),” states the 21-page master circular, which delves deep into some of the best practices around source code protection of third-party apps, cyber security guidelines for safety against attacks and hacking, along with card payments and internet banking security protocols.
This comes after RBI governor Shaktikanta Das revealed in December 2020 that the central bank would be introducing digital payment security control directions for regulated entities. The RBI had temporarily barred HDFC Bank from selling new credit cards or launching new digital banking initiatives on the grounds of digital outages last year. Even SBI’s YONO had faced widespread service outages, which led to concerns about the digital banking infrastructure at many of the major banks in the country.
Earlier this week, it was also reported that NPCI is planning to revamp its IT infrastructure across payments channels, including UPI, IMPS, AePS and NACH, with an aim to touch 1 Bn transactions per day.