The Reserve Bank of India on 18th February 2021 has published the Reserve Bank of India (Digital Payment Security Controls) directions, 2021 which shall be applicable to Scheduled Commercial Banks (excluding Regional Rural Banks), Small Finance Banks, Payments Banks, and Credit card issuing NBFCs.
The Direction provides necessary guidelines for the above-Regulated Entities to set up a robust governance structure and implement common minimum standards of security controls for digital payment products and services. The guidelines are technology and platform agnostic and shall create an enhanced and enabling environment for customers to use digital payment products in a more safe and secure manner.
Further, the Direction consolidates important control aspects broadly in the following areas viz., Governance and Management of Security Risks, Generic Security Controls, Application Security Life Cycle (ASLC), Authentication Framework, Fraud Risk Management, Reconciliation Mechanism, Customer Protection, Awareness and Grievance Redressal Mechanism, specific controls related to Internet Banking, Mobile Payments Application Security Controls, and Card Payments Security.
