RBI proposes new norms on digital payment security controls – Times of India

The Reserve Bank of India (RBI) has proposed to establish robust governance mechanisms for authorised non-bank payment system operators (PSOs) to effectively address emerging cybersecurity risks. The central bank has issued a ‘Draft Master Directions on Cyber Resilience and Digital Payment Security Controls for Payment System Operators’. These guidelines cover governance mechanisms for the identification, assessment, monitoring and management of cybersecurity risks, including information security risks and vulnerabilities. They also specify baseline security measures to ensure safe and secure digital payment transactions. The RBI has invited stakeholders to provide comments and feedback on the draft by June 30.
The central bank made it clear that there is no change in the existing instructions concerning security and risk mitigation for card payments, prepaid payment instruments (PPIs) and mobile banking. The same will continue to remain in effect.
What the new guidelines say
“To effectively identify, monitor, control and manage cyber and technology related risks arising out of linkages of PSOs with unregulated entities, who are part of their digital payments ecosystem, PSOs shall ensure adherence to these Directions by such unregulated entities as well, subject to a mutual agreement,” the draft directions said.
“The Board of Directors (Board) of the PSO shall be responsible for ensuring adequate oversight over information security risks, including cyber risk and cyber resilience,” the draft said.

The draft requires PSOs to develop an approved Cyber Crisis Management Plan (CCMP) to detect, contain, respond to, and recover from cyber threats and attacks. It also requires PSOs to maintain records of key roles, information assets, critical functions, processes, third-party service providers, and their interconnections, and to document their levels of usage, criticality and business value. Relevant guidelines from CERT-In, the National Critical Information Infrastructure Protection Centre (NCIIPC) or IDRBT and other agencies may be referred to for guidance, it further said.
The draft also covers network security, application security life cycle (ASLC), security testing, vendor risk management, business continuity plans and other key issues.
