RBI proposes rules for payment system operators to strengthen cybersecurity

RBI proposes rules for payment system operators to strengthen cybersecurity

PSOs shall ensure adherence to these Directions by such unregulated entities as well, subject to mutual agreement.

IANSUpdated: Friday, June 02, 2023, 10:31 PM IST
article-image
As per the report, almost 49 per cent equivalent to 6,659 cases were in the digital payment – card/internet transactions category | Pexels

The Reserve Bank of India (RBI) on Friday issued a draft master direction on cyber resilience and digital payment security controls for payment system operators.

The central bank has sought comments on the draft guidelines till June 30. These can be sent through email or post to the Chief General Manager, Department of Payment and Settlement Systems, Central Office, RBI in Mumbai.

The draft guidelines cover governance mechanisms for the identification, assessment, monitoring, and management of cybersecurity risks including information security risks and vulnerabilities, and specify baseline security measures for ensuring safe and secure digital payment transactions.

On April 8, the RBI had announced that it will issue directions on cyber resilience and payment security controls of payment system operators (PSOs).

"To effectively identify, monitor, control and manage cyber and technology related risks arising out of linkages of PSOs with unregulated entities who are part of their digital payments ecosystem (like payment gateways, third-party service providers, vendors, merchants, etc.),

PSOs shall ensure adherence to these Directions by such unregulated entities as well, subject to mutual agreement. An organisational policy in this respect, approved by the Board, shall be put in place," the guidelines say.

It is the board of directors of PSOs who will be responsible for ensuring adequate oversight over information security risks, including cyber risk and cyber resilience. However, primary oversight may be delegated to a sub-committee of the board which shall meet at least once every quarter.

Also, the PSO shall formulate a Board approved Information Security (IS) policy to manage potential information security risks covering all applications and products concerning payment systems as well as management of risks that have materialised, they said further. The policy is to be reviewed annually.

It shall cover the roles and responsibilities of board or sub-committees of the board, senior management, and other key personnel; measures to identify, assess, manage, and monitor cyber security risks which shall also include various types of security controls for ensuring cyber resiliency along with processes for training and awareness of employees or stakeholders.

Also, the RBI has asked PSOs to prepare a distinct Board-approved cyber crisis management plan (CCMP) to detect, contain, respond, and recover from cyber threats and cyber-attacks.

Relevant guidelines from CERT-In or National Critical Information Infrastructure Protection Centre (NCIIPC) or IDRBT and other agencies may be referred for guidance, it said.

In addition to this, the PSO shall undertake a cyber risk assessment exercise relating to the launch of new products or services or technologies or undertaking major changes to the infrastructure or processes of existing product or services.

RECENT STORIES

Streaming Highway: Here Are The Top OTT Platforms With Most Subscribers

Streaming Highway: Here Are The Top OTT Platforms With Most Subscribers

Amid Chaos, Cobalt-Rich Congo Gets $1.5 Billion Loan From IMF

Amid Chaos, Cobalt-Rich Congo Gets $1.5 Billion Loan From IMF

Snap From Past: Harsh Goenka Posts A Vintage Photo With His 'Friends' With A Sweet Note; Netizens...

Snap From Past: Harsh Goenka Posts A Vintage Photo With His 'Friends' With A Sweet Note; Netizens...

Pakistan To Seek Rollover Of $12 Billion Debt To Meet Budget Targets Before IMF Team's Arrival

Pakistan To Seek Rollover Of $12 Billion Debt To Meet Budget Targets Before IMF Team's Arrival

OpenAI Rumoured To Launch ChatGPT-Powered Search Engine: Will It Challenge Google's Dominance?

OpenAI Rumoured To Launch ChatGPT-Powered Search Engine: Will It Challenge Google's Dominance?