RBI prepares draft master to make digital payments secure, fraud will be curbed like this

The draft master has been asked to ensure compliance with instructions to effectively identify, monitor, control, and manage cyber and technology-related risks arising out of linkages of PSOs with unregulated entities.

Fri, 02 Jun 2023 08:45 PM (IST)
 0
RBI prepares draft master to make digital payments secure, fraud will be curbed like this

The Reserve Bank on Friday proposed to put in place a stronger governance mechanism for authorized non-bank payment system operators (PSOs) to effectively address emerging cyber security risks.
Towards this goal, the central bank has released a draft master on cyber resilience and digital payment security controls for payment system operators. The central bank said the existing security and risk mitigation directions for card payments, prepaid payment instruments (PPIs), and mobile banking will remain in force.
The draft master calls for ensuring compliance with directions to effectively identify, monitor, control, and manage cyber and technology-related risks arising out of linkages of PSOs with unregulated entities. Along with this, RBI has invited stakeholders to comment and provide feedback on the draft by June 30.
It added, "The Board of Directors (Board) of the PSO shall be responsible for ensuring adequate monitoring of information security risks including cyber risk and cyber resilience."
As per the draft, the PSO must develop an approved Cyber Crisis Management Plan (CCMP) to detect, control, respond to and recover from cyber threats and attacks.
This further highlights the importance of inventory management, where the PSO must maintain records of key roles, information assets, critical functions, processes, third-party service providers, and their interconnections and assess their usage, criticality, and business value. Documentation has to be done.
It also covers network security, application security life cycle (ASLC), security testing, vendor risk management, business continuity planning, and other key issues.
With respect to data security, the draft stipulates that PSOs must implement a comprehensive data leakage prevention policy to ensure the confidentiality, integrity, availability, and security of business and customer information, both under its control and at vendor-managed facilities.

Muskan Kumawat Journalist & Writer