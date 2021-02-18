OPEN APP
Home >News >India >RBI directs lenders to formulate board-approved policies for e-payments
The measures have been suggested in the view of the proliferation of cyber-attacks, RBI said (MINT_PRINT)
The measures have been suggested in the view of the proliferation of cyber-attacks, RBI said (MINT_PRINT)

RBI directs lenders to formulate board-approved policies for e-payments

2 min read . Updated: 18 Feb 2021, 09:57 PM IST Shayan Ghosh

  • RBI said the policy must explicitly discuss necessary controls to protect the confidentiality of customer data and integrity of data associated with the digital product and services offered
  • It has also issued specific norms with regard to internet banking security controls, mobile payment security controls and that for card payments

The Reserve Bank of India (RBI) on Thursday said that regulated entities will have to formulate a board-approved policy for digital payment products and services, in an attempt to improve governance standards for such systems.

Released as a master direction on digital payment security controls, the norms will be applicable to scheduled commercial banks, small finance banks, payment banks and credit card issuing non-banking financial companies. However, these will not apply to regional rural banks (RRBs), the central bank said. These directions will come into effect six months from Thursday.

MORE FROM THIS SECTIONSee All
Foreign minister S. Jaishankar

Quad countries hold meet virtually, discuss climate change, counter-terrorism

3 min read . 09:38 PM IST
A health worker takes a swab sample of a passenger at Bandra train station in Mumbai, India, Wednesday, Feb. 17, 2021. Health officials have detected a spike in COVID-19 cases in several pockets of Maharashtra state, including in Mumbai, the country's financial capital. (AP Photo/Rafiq Maqbool)

Maharashtra reports over 5,000 new Covid cases, highest daily jump in last 75 days

1 min read . 09:37 PM IST
Prime Minister Narendra Modi

Work on to free electricity distribution of entry barriers and licensing: Modi

2 min read . 09:22 PM IST
Photo: Mint

I-T dept conducts searches in 9 major Trusts in Bengaluru, seizes 15 cr cash

2 min read . 09:19 PM IST

The regulator said that the board-approved policy must explicitly discuss necessary controls to protect the confidentiality of customer data and integrity of data associated with the digital product and services offered. It should also discuss, RBI said, the availability of requisite infrastructure with necessary back up and be accompanied by an assurance that the payment product is built in a secure manner.

“The board and senior management shall be responsible for implementation of this policy. The policy shall be reviewed periodically, at least on a yearly basis. Regulated entities may formulate this policy separately for its different digital products or include the same as part of their overall product policy," RBI said on Thursday.

It added that these regulated entities will have to conduct risk assessments with regard to the safety and security of digital payment products and associated processes and services. The risk assessment should take into account known vulnerabilities at each of the touchpoints and the remedial action taken by the entity; dependence on third party service providers; and risk arising out of integration of digital payment platform with other systems both internal and external.

That apart, lenders also have to implement multi-factor authentication for payments through electronic modes and fund transfers, including cash withdrawals from ATMs. These measures have been suggested in the view of the proliferation of cyber-attacks, RBI said, adding that at least one of the authentication methodologies should be generally dynamic or non-replicable.

Importantly, these entities have been asked to implement a realtime or near-realtime reconciliation framework for all digital payment transactions. They also need to incorporate secure, safe and responsible usage guidelines and training materials for customers within the digital payment applications.

Apart from these broad guidelines, RBI has also issued specific norms with regard to internet banking security controls, mobile payment security controls and that for card payments.

TRENDING STORIESSee All

“Going by the pre-eminent role being played by digital payment systems in India, RBI gives highest importance to the security controls around it," the central bank had said on 4 December. It had added that while these guidelines will be technology and platform-agnostic, it will create an enhanced and enabling environment for customers to use digital payment products in more safe and secure manner.

Subscribe to Mint Newsletters
* Enter a valid email
* Thank you for subscribing to our newsletter.

Click here to read the Mint ePaperMint is now on Telegram. Join Mint channel in your Telegram and stay updated with the latest business news.

Close

Wait for it…

Log in to our website to save your bookmarks. It'll just take a moment.

Yes, Continue

Wait for it…

Oops! Looks like you have exceeded the limit to bookmark the image. Remove some to bookmark this image.

Your session has expired, please login again.

Yes, Continue
×
Edit Profile
My Reads Redeem a Gift Card Logout