February 20, 2021 4:42:25 am
The RBI’s Master Direction on digital payment security will be a challenge for banks to implement as they follow different security framework and may lead to complete overhaul of the risk management system, experts said.
The new Reserve Bank of India (RBI) rules come at a time when India’s expanding payments ecosystem has seen increased instances of outages, frauds and cyber breaches. The RBI’s Master Direction provides necessary guidelines to set up a robust governance structure and implement common minimum standards of security controls for digital payment products and services.
Bharat Panchal, chief risk officer for India, Middle East & Africa, FIS, said it will be a challenge for many banks. “The major reason is not every bank is at par in terms of security framework and necessary infrastructure in place. This may warrant complete overhaul of their risk management framework,” he said.
“The guidelines are technology and platform agnostic and shall create an enhanced and enabling environment for customers to use digital payment products in a more safe and secure manner,” the RBI had said. All regulated entities have been given six months to ensure compliance.
While in many other circulars, the RBI has categorically asked to avail CERT-In empanelled vendors only, the new norms have no such reference. This might cause ambiguity on who can help banks with these guidelines, Panchal said.
The RBI circular issues specifications on a diverse set of application areas, including mandates from source code protection of third-party UPI apps, cyber security norms for safety against external attacks, card payments and online banking security protocols.
“Although the directions are applicable to numerous small finance banks, payment banks, scheduled commercial banks and credit card issuing NBFCs, the RBI guidelines are set to take effect six months from now which could potentially increase the risk of offenders taking advantage of the existing lacunae,” said Sonam Chandwani, managing partner, KS Legal & Associates.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines