The Reserve Bank of India (RBI) recently released Master Directions on Security Controls for Non-Bank Payment Systems, aiming to enhance the safety and security of payment systems operated by Payment System Operators (PSOs).
The framework adopts a comprehensive approach that encompasses:

➡Identification
➡Monitoring
➡Control
➡Management
This structured approach ensures that PSO’s can proactively address and safeguard against the dynamic challenges posed by the evolving digital payments landscape.

𝐇𝐢𝐠𝐡𝐥𝐢𝐠𝐡𝐭𝐬 𝐨𝐟 𝐭𝐡𝐞 𝐌𝐚𝐬𝐭𝐞𝐫 𝐃𝐢𝐫𝐞𝐜𝐭𝐢𝐨𝐧:

✔ Section I: Preliminary

The Master Directions outline a comprehensive framework for cyber resilience and digital payment security.

Implementation deadlines vary based on the size of the PSO:

-Large PSOs: Due date: April 1, 2025
-CCIL, NPCI, BBPS, Card Payment & ATM Networks (including WLAOs), PPI
-Issuers, TReDS Operators, BBPOUs, PAs
⁠-Medium PSOs: Due date: April 1, 2026
-Cross-border MTSS, Medium PPI Issuers
-⁠Small PSOs: Due date: April 1, 2027
-Instant Money Transfer Operators

✔ Section II: Governance Controls

Strong governance is emphasized, with the Board responsible for overseeing information security and cyber resilience.
This includes the mandatory appointment of a senior executive, such as a Chief Information Security Officer (CISO), to lead these efforts.

✔ Section III: Baseline Information Security Measures/Controls
The key areas covered include inventory management, identity and access management, network security, and data security. The guidelines emphasized the need for regular security testing and comprehensive risk assessments to ensure robust defenses.

✔ Section IV: Digital Payment Security Measures/Controls

Guides on measures to be taken by mobile payments, card payments, and prepaid payment instrument service providers & operators. The guidelines also emphasized the need for focus on enhancing customer transaction security and implementing real-time fraud detection mechanisms.

Our speakers Shashank Shekhar, Co-founder and Head of Consulting
Deepak Sai, Senior Consultant decoded the RBI Master Directions on Cyber Resilience and Digital Payment Security Controls during our knowledge session


#rbi #masterdirection #regulations #nonbank #paymentserviceprovider #paymentserviceoperator #rbi #regulations #masterdirection