RBI issues norms to improve safety of payment systems

The RBI said non-bank payment system operators will have to put in place a real-time fraud monitoring solution to identify suspicious transactional behaviour and generate alerts.

Also, non-bank payment system operators (PSOs) will have to ensure that an online session on mobile application is automatically terminated after a fixed period of inactivity and customers are prompted to re-login, according to Master Directions on Cyber Resilience and Digital Payment Security Controls for non-bank PSOs.

The Reserve Bank has also prescribed a phased implementation to provide adequate time to PSOs to put in place the necessary compliance structure.

RBI said the directions aim to improve safety and security of the payment systems operated by PSOs by providing a framework for overall information security preparedness with an emphasis on cyber resilience.

Regarding mobile payments, RBI said PSOs should ensure that an authenticated session, together with its encryption protocol, remains intact throughout an interaction with the customer.

“In case of any interference or if the customer closes the application, the session shall be terminated, and the affected transactions resolved or reversed out,” it said.