RBI Releases Draft Directions On Cybersecurity Management At Payment Firms

The directions aim to bolster governance and security measures surrounding cyber incidents at payment system operators.

RBI building. (Photo: BQ Prime)

The RBI released a set of draft directions that lay down governance mechanisms to address cybersecurity risks and baseline security measures meant to ensure safe and secure digital payment transactions.

The Master Directions on Cyber Resilience and Digital Payment Security Controls for Payment System Operators will apply to payment system companies, and the Reserve Bank of India has sought stakeholder feedback by June 30. According to a notification issued on Friday, the rules will apply to all non-bank payment system operators.

The various requirements enumerated under the directions include:

  • PSOs must ensure that the unregulated third-party entities they work with, such as payment gateways and vendors, also adhere to these directions.

  • Operators must ensure that all their applications undergo rigorous security testing by qualified agencies.

  • Development of a business continuity plan based on cyber threat scenarios.

  • Preparation of a distinct board-approved cyber crisis management plan to detect, contain, respond to, and recover from cyber threats and attacks.

  • The requirement to have a board-approved incident response mechanism, which includes provisions to promptly notify senior management, relevant employees, and regulatory, supervisory, and relevant public authorities about a cyber incident.

The requirements also state that if the registered mobile number or email ID linked to a payment instrument is changed, a cooling period of at least 12 hours will apply before transactions are allowed through online modes or channels.

The directions, currently in draft form, will come into effect once they are placed on the official website of the RBI, according to the notification.

To grant adequate time, the RBI has also laid down a staggered implementation schedule, as follows:

  • Large, non-bank operators: April 1, 2024.

  • Medium, non-bank operators: April 1, 2026.

  • Small, non-bank operators: April 1, 2028.