The Payments Council of India (PCI), the largest industry body for digital payments ecosystem in India welcomed the Master Directions on Digital Payments Security Controls released by The Reserve Bank of India.
The association in its support to the guidelines mentioned that the Master Directions provide regulated entities to set up a robust governance structure and implement common minimum standards of security controls for digital payments products and services.
The issued guidelines have elaborated on the minimum security infrastructure to be followed for digital payments with internet banking, mobile banking and card payment security as the focus. It also highlights the general security controls to be established for governance and management of security risks.
Appreciating the Central Bank’s efforts to proactively bring these guidelines, the industry association had submitted its recommendations to the RBI on the draft guidelines earlier. RBI has considered associations’ submission in the final guidelines and has supported the industry to maintain a secure digital payments ecosystem.
The association with more than 110 companies as its members in the digital payments, had requested the RBI to ensure that the digital payment architecture is robust and in commensuration with the transaction volumes and customer growth. It had also suggested to put in place a periodic review mechanism of IT/IT Security infrastructure and technology platform to keep a check on the ensured safety architecture.
RBI has included details to refer to standards of OWASP-ASVS considering the request to include standards to maintain security of data storage and communication for web applications within the guidelines. In the directions, RBI has also advised the banks to ensure their service providers, merchants etc. who may be involved in capturing card details for payments or otherwise should comply with all applicable Payment Card Industry Standards.
Speaking on the development,Mr. Vishwas Patel, Chairman, Payments Council of India and Director, Infibeam Avenues Limited said “The Central Bank’s efforts in promoting the use of Digital Payments while keeping in check the risk and security are a forthcoming step to an enhanced customer experience. These guidelines will put on priority the security of digital payments for the entire industry and will set a framework for standardized creation, maintenance and review of technical infrastructure mandatory to ensure secure transactions.”
“Due consideration to other suggestions like incorporating digital certificates amongst other security protocols, like algorithms and cipher suites, and decommissioning phase as a part of the lifecycle of the digital payments applications will provide an all-round perspective to these guidelines while maintaining their security objectives”, Patel added while elaborating on the industry feedback submitted by PCI on behalf of its members, on the Draft guidelines released by the RBI earlier.
With the Master Directions on the Digital Payments Security Controls, the association believes that this will ensure all regulated entities as mentioned in the guidelines to develop the capacity and maintain adherence to these guidelines. This will create a secure technologically compliant infrastructure that will help the digital payments ecosystem to grow further.