Today (18.02.2021), Reserve Bank of India (RBI) placed on its website the “Master Direction on Digital Payment Security Controls” as announced in the Statement on Developmental and Regulatory Policies issued on 4th December, 2020.
Given the pre-eminent role played by digital payment systems in India, RBI gives the highest importance to the security controls around them.
The Master Direction provides necessary guidelines for the Regulated Entities to set up a robust governance structure and implement common minimum standards of security controls for digital payment products and services.
The provisions of these directions shall apply to the following Regulated Entities (REs):
- Scheduled Commercial Banks (excluding Regional Rural Banks)
- Small Finance Banks
- Payments Banks and
- Credit card issuing NBFCs
The guidelines are technology and platform agnostic and shall create an enhanced and enabling environment for customers to use digital payment products in a safer and more secure manner.
What does the Master Direction control?
The Master Direction consolidates important control aspects broadly in the following areas:
- Governance and Management of Security Risks
- Generic Security Controls
- Application Security Life Cycle (ASLC)
- Authentication Framework
- Fraud Risk Management
- Reconciliation Mechanism
- Customer Protection
- Awareness and Grievance Redressal Mechanism
- Specific controls related to Internet Banking
- Mobile Payments Application Security Controls and
- Card Payments Security
These directions shall come into effect six months from the day they are placed on the official website of the Reserve Bank of India (RBI).
However, in respect of instructions already issued either by Department of Payment and Settlement Systems (DPSS), Department of Regulation (DoR) or Department of Supervision (DoS) of RBI including those to select Regulated Entities (REs), by way of circular or advisory, the timeline would be with immediate effect or as per the timelines already prescribed.