RBI reinforces security norms for payment companies
By MYBRANDBOOK
The Reserve Bank of India (RBI) has tightened its supervision norms over payments companies storing customer data, due to the rising cybersecurity threats and breaches in India. All the payment system operators (PSOs) will now have to submit detailed “compliance certificates” to the central bank twice a year from April 1, 2021, onwards.
The documents have to be signed by their Chief Executive Officer (CEOs) or managing directors (MDs), confirming the adherence to all the RBI regulations around security and storage of payment data.
RBI’s department of payment and settlement systems (DPSS) issued a letter to all the PSOs operating in India, asking them to submit their certificates on April 30 and October 31 for the period ending March 31 and September 30, respectively.
Along with this, the Indian PSOs will also have to submit board-approved system audit report (SAR) by CERT-empanelled auditors. The central bank had introduced this provision back in April 2018 and it will continue in practice, even as the PSOs take a step to ensuring proper certifications.
The new specification comes at a time when several Indian payments and tech startups across the sectors have witnessed data leaks and cyber-attacks. Some of these companies are grocery delivery giant BigBasket (acquired by Tata), edtech startup Unacademy, crowdfunding platform Impact Guru and many others.
Merchants like Amazon, Microsoft, Netflix, Flipkart, Zomato and others to store customers’ credit card credentials “and related data” on their servers under the new payment aggregators and payment gateway (PA-PG) norms that come into effect this year, are also prohibited by the RBI. The guidelines also bar payment aggregators from storing customer card credentials within their database or the servers assessed by the merchants.
RBI has decided to not allow merchants to store such financial data as they would anyway not be answerable in case of any security breaches since the norm pertains to payment aggregators and gateways. The new guidelines will treat all payment aggregators as regulated entities under the Payment and Settlement Systems Act (2007) under the central bank’s direct supervision.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Icons Of India : Arjun Malhotra
Arjun Malhotra, the Chairman of Magic Software Inc., is widely recogni...
ICONS OF INDIA : RITESH AGARWAL
Ritesh Agarwal is an Indian billionaire entrepreneur and the founder a...
Icons Of India : MADHABI PURI BUCH
Madhabi Puri Buch is the first-female chairperson of India’s markets...
DRDO - Defence Research and Development Organisation
DRDO responsible for the development of technology for use by the mili...
ECIL - Electronics Corporation of India Limited
ECIL is distinguished by its diverse technological capabilities and it...
C-DAC - Centre for Development of Advanced Computing
C-DAC is uniquely positioned in the field of advanced computing...
Indian Tech Talent Excelling The Tech World - PADMASREE WARRIOR, Founder, President & CEO - Fable
Padmasree Warrior, the Founder, President, and CEO of Fable, is revolu...
Indian Tech Talent Excelling The Tech World - Aman Bhutani, CEO, GoDaddy
Aman Bhutani, the self-taught techie and CEO of GoDaddy, oversees a co...
Indian Tech Talent Excelling The Tech World - Sundar Pichai, CEO- Alphabet Inc.
Sundar Pichai, the CEO of Google and its parent company Alphabet Inc.,...