The Reserve Bank of India (RBI) on Thursday put in place a new set of regulatory guidelines for safer and more secure digital payments in the country through a master direction on “digital payment security controls.”
The central bank has issued several master directions on regulatory matters, beginning January 2016. The directions comprise instructions on rules and regulations framed by RBI under various acts, including banking issues and foreign exchange transactions.
The latest master direction, RBI said on its website, provides necessary guidelines for regulated entities to set up a robust governance structure and implement common minimum standards of security controls for digital payment products and services.
The regulated entities include the likes of scheduled commercial banks, small finance banks, payment banks, and credit card-issuing non-banking financial institutions (NBFC).
The master direction consolidates important control aspects broadly in the following areas: Governance and Management of Security Risks, Generic Security Controls, Application Security Life Cycle (ASLC), Authentication Framework, Fraud Risk Management, Reconciliation Mechanism, Customer Protection, Awareness and Grievance Redressal Mechanism, specific controls related to Internet Banking, Mobile Payments Application Security Controls and Card Payments Security.
Industry lobby group Payments Council of India (PCI), in a separate statement, said it had submitted its suggestions, some of which the RBI had earlier picked up for the draft guidelines.
“Due consideration to other suggestions like incorporating digital certificates amongst other security protocols, like algorithms and cipher suites, and decommissioning phase as a part of the lifecycle of the digital payments applications will provide an all-round perspective to these guidelines while maintaining their security objectives,” Vishwas Patel, PCI chairman and Infibeam Avenues director said.
A proposal to issue Reserve Bank of India (Digital Payment Security Controls) Directions, 2020 for regulated entities to set up a robust governance structure for such systems and implement common minimum standards of security controls for channels like internet, mobile banking, card payments, among others, was first introduced by the central bank in December 2020.