With regard to mobile payments, RBI said, the PSO should ensure that the authenticated session with encryption protocols is maintained during the interaction with the customer.
Bank Payment Systems: The Reserve Bank of India (RBI) has taken an important step to improve the payment system. RBI said that non-bank payment system operators (PSOs) will have to put real-time fraud monitoring measures in place to identify and alert on suspicious transaction activity. PSOs will also have to ensure that a mobile application that is not being used closes automatically after a certain period, after which customers will need to log in again.
Effective immediately
The directive came into effect on Tuesday, but RBI has also prescribed a phased implementation to give PSOs sufficient time to prepare the necessary compliance structure. RBI said that the purpose of the instructions is to improve the payment system security of PSOs by providing a framework for complete information security preparedness with an emphasis on cyber robustness.
Session ends as soon as the app is closed
RBI said that, for mobile payments, the PSO should ensure that the authenticated session with encryption protocol remains intact during the interaction with the customer. The central bank said: in case of any intervention, if the customer closes the application, the session will be terminated and the affected transaction will be resolved or refunded.
Auto-closing of online session
Further, PSOs should ensure that the online session on the mobile application is automatically closed after a certain period of inactivity and that customers are required to log in again. RBI said that the card network should provide session closure for implementing transaction limits at the card, Bank Identification Number (BIN) as well as card issuer level.