RBI on Tuesday said that non-bank payment system operators will have to implement real time fraud monitoring solution to identify suspicious transaction behavior and issue alerts.
PSO got these instructions
According to the Master Direction on Cyber Resilience and Digital Payment Safety Controls for Non-Bank PSOs, non-bank payment system operators (PSOs) will also have to ensure that the online session on the mobile application is automatically closed after a certain period and the customer is asked to login again.
Rules came into effect with immediate effect
These directions have come into effect from Tuesday, but the Reserve Bank has also prescribed a phased implementation to provide sufficient time to PSOs to put in place the required compliance structure. The RBI said the directions are aimed at improving the safety and security of payment systems operated by PSOs by providing a framework for overall information security preparedness with an emphasis on cyber resilience.
Also Read: Weather Forecast Today: IMD has issued an orange alert in 15 districts of this state. check weather condition in your city
RBI also said that card networks must ensure that customers’ card details are stored in encrypted form at any of their server locations. The central bank has also asked prepaid payment instrument issuers to communicate OTP and transaction alerts to users in a language of their choice.
Special care will be taken of privacy
The RBI said that the PSO should implement a comprehensive data leak prevention policy for confidentiality, integrity, availability and security of business and customer information in respect of data held by it or available at vendor-managed facilities.
As per the directions, while sending SMS or e-mail alerts to customers by PSOs or payment system participants, it has to be ensured that the bank account number, card number or other confidential information is redacted/hidden as far as possible.
