RBI: To prevent the fast growing digital payment fraud in the country, RBI has issued a new guideline. According to the report, now the payment system will change from before, let’s know the news in detail…..
The exercise has now intensified to check the fast growing digital payment frauds. The Reserve Bank of India (RBI) has been working on a payment security regulation and guidelines for cyber security for payment system operators in the country for quite some time now. Now the central bank has issued a draft master circular regarding this. In this, different payment system operators have been given time to implement.
The draft directive covers operational arrangements for identification, assessment, monitoring and management of cyber security risks, including information security risks. The directions also lay down the basic security measures for ensuring secure digital payment transactions.
The existing instructions on security and risk mitigation relating to card payments, prepaid payment products (PPIs) and mobile banking shall remain in force, the central bank said. RBI has sought feedback from the concerned parties on this by June 30.
May be applicable from April next year-
It is proposed to implement this draft from 1 April 2024 to 1 April 2028. A deadline of April 1, 2024 has been fixed for large non-bank payment system operators. The deadline has been set for April 1, 2026 for medium non-bank operators and April 1, 2028 for small non-bank operators.
These are the provisions in the draft-
Proposal for Digital Payment System Operators: The Board of Directors will be responsible for cyber security. Board approved cyber crisis management plan will have to be made. An online alert is issued if the transaction is found to be unusual. Account, card number and confidential information should be sent to the customers in a hidden manner.
Online transactions should contain the name of the merchant and not the name of the payment gateway/aggregator. Along with the OTP, it should also be written for whom these deals are for. Should be a disaster recovery site.
For card payment: If there is a suspicious transaction with the card, the card issuing bank should be alerted. The payment service operator should decide whether the POS terminal is secure.
For prepaid cards: OTP and transaction should be sent in the local language. There is a time bar between loading and transferring funds.
Offers for the app: Facility to identify fake deals on the app. No transaction for 12 hours on change of mobile number/email. Mobile application should not be started from two places at once.
If the bank app is not used from mobile for a long time, then the app, sim and fingerprint should be set again. If the login fails more than the specified number of times, then there should be a facility to block and then enable it again.
