The Reserve Bank of India (RBI) will introduce new Digital Payment Security Controls for regulated entities, to enhance the adoption of digital payments platforms in a more safe and secure manner. The central bank will issue a draft guideline soon for public comments, it said in its Statement on Developmental and Regulatory Policies on December 4.
The guidelines will be technology and platform agnostic, the RBI said. “[…] it is proposed to issue Reserve Bank of India (Digital Payment Security Controls) Directions, 2020 for regulated entities to set up a robust governance structure for such systems and implement common minimum standards of security controls for channels like internet, mobile banking, card payments, among others,” it said.
At present, banks have to comply with security guidelines set by the RBI, while payment system operators licensed by the central bank have separate guidelines. Further, banks, non-bank companies and third-party apps that provide payments services on top of the National Payments Corporation of India’s (NPCI) various payments platforms, like Bharat Bill Payment System (BBPS) or the Unified Payments Interface (UPI), have to follow security guidelines issued by the umbrella payments organisation.
A holistic digital payment security controls guideline from the RBI will create a uniform set of standards, regardless of the type of entity. Albeit, there will be differences in implementation between payments apps and banks depending on the scales at which they each operate.
Bharat Panchal, chief risk officer for India, Middle East and Africa, FIS says that with the digital payments industry expected to grow rapidly going forward, there are numerous threats that could hamper its adoption in the country. “In the new proposed draft the by central bank, one can expect measures like increasing payment speed and reducing the infrastructure complexity, real-time fraud detection and prevention, improving the precision of risk scoring and accuracy of transaction blocking, and continuously screening for known fraud patterns,” he said in a statement.
Improving compliance of payments settlement files
The RBI has also said that settlement files of various payments systems should be uploaded to the central bank on all days of the year through the eKuber system, an internal core banking system of the RBI. “This measure will reduce build-up of settlement and default risks and enable better management of funds by member banks. It will also enhance overall efficiency of the payments ecosystem. Instructions in this regard will be issued shortly,” it said.
Payment system operators and banks will have to upload daily settlement files for the UPI, RuPay, National Financial Switch, National Eletronic Toll Collection (FASTag), Immediate Payments System and Aadhaar Enabled Payments System, under the proposed change in compliance requirements.
In June this year, the RBI began publishing daily transaction data on various payments platforms based on settlement volumes at the end of the day. “This initiative to disseminate payment systems activities data on a daily frequency is expected to facilitate better research and also contribute to innovations in payment systems,” it said.
**Update (December 4, 2020 5:40 pm): Updated with statement from Bharat Panchal, chief risk officer for India, Middle East and Africa, FIS. Originally published on December 4, 2020 at 1:58 pm.