Major Highlights from Master Direction on Digital Payment Security Controls
- Ashutosh Dubey, Lead Business Analytics, NPCI
Section | Area | Key Highlights |
---|---|---|
1 | General Controls | |
2 | Internet Banking Security Control | Implement additional levels of authentication for the internet banking website, such as adaptive authentication and strong CAPTCHA (preferably with anti-bot features) with server-side validation, in order to plug this vulnerability and prevent its exploitation. |
3 | Mobile Payment Application Security Control | Considering that the additional factor of authentication and the mobile application may reside on the same mobile device in the case of mobile banking and mobile payments, Regulated Entities may consider implementing alternatives to SMS-based OTP authentication mechanisms. The mobile application should not store/retain sensitive personal/consumer authentication information such as user IDs, passwords, keys, hashes or hard-coded references on the device, and the application should securely wipe any sensitive customer information from memory when the customer/user exits the application. |
4 | Card Payment Security | Card details of the customers are not stored in plain text at the Regulated Entity and its vendor(s) locations, systems and applications. |
ROLE OF REGULATORS IN THE GROWTH OF FINTECH INDUSTRY
- SHWETA SRIVASTAVA, GROUP CTO, PAUL MERCHANTS LIMITED
Where there is growth, there arises the need for regulation. With the government's vision of Digital India, India has seen a boom in this field. With the government's focus on a digital economy, initiatives like GST and UPI-based payments have triggered the change.
Currently there are around 1500 fintech start-ups, along with thousands of well-established companies, catering to technology development in the financial domain.
We have all witnessed the revolution and tremendous evolution of the financial sector towards digitization in the past few years, which has opened the doors of opportunity for fintechs. A considerable number of technology companies have brought path-breaking ideas to the field of financial services, extending the reach of financial products and services to people in all segments of society. Fund transfers, investments, lending, payments, savings and cross-border remittances have all been made available through digital platforms. With the advent of technology solutions facilitating digitization, like digital banking, eWallets, mobile banking and WhatsApp banking, it has become extremely convenient for the common man to access financial services in just a few clicks.
With such a strong influence of these fintech companies, it is imperative for regulators to ensure uniformity in operations and to establish the dos and don'ts for the industry. It has been observed that there is a significant surge in the number of cybersecurity incidents and frauds. In the wake of cyber security threats and attacks, it is imperative to set up a best-in-class and robust cyber security framework.
Though these fintechs currently come under the purview of multiple regulators like RBI, SEBI, IRDA and TRAI, there is still a need for a uniform regulatory framework. The Digital Payment Security Controls (DPSC) guidelines from RBI are a step in this direction, which shall ensure adherence to the necessary cyber security controls and infrastructure to cover the risks associated with digital platforms. Another important step from regulators is the PDPB, which shall help safeguard customers' data privacy and security.