Among key proposals is a mechanism to disable mobile payments when a remote user has been given access to the device. The RBI also sought to ensure that transaction alerts mention merchants’ names rather than that of payment gateways. It has also proposed a cooling period of at least 12 hours for payment after a change in the registered mobile number or email ID. The directions follow the licensing of payment system operators by the central bank, and issuing master directions makes them fully regulated entities. These measures are part of draft directions on ‘Cyber Resilience and Digital Payment Security Controls for Payment System Operators (PSOs)’. PSO is an umbrella term, which includes financial market infrastructure providers like retail payment organisations like NPCI, cardpayment networks like Visa, Mastercard, RuPay, non-bank ATM networksand large prepaid instrument issuers.
Besides institutionalising best practices that some large PSOs already follow, the regulator has sought to address some causes of fraud. For instance, there are frauds that are undertaken by getting the victim to install a remote access app like AnyDesk, which the fraudster uses to gain control of the device. The directions classify PSOs according to the space they operate in and their scale of operations. For large PSOs, the directions will come into force from April 2024, for mid-sized PSOs from April 2026, and for small PSOs from April 2028.
The infrastructure providers and the entities below them, which also include trade receivables discounting system (TReDS) operators, Bharat Bill Payment operating units (BBPOUs), and payment aggregators (PAs) are classified as large non-bank PSOs.
Cross-border (in-bound) money transfer operators under the Money Transfer Service Scheme (MTSS) and mid-sized prepaid instrument issuers are treated as medium non-bank PSOs. Small prepaid instrument issuers and instant money transfer operators are small non-bank PSOs.
The central bank has asked for feedback on the draft norms by June 30.
function loadGtagEvents(isGoogleCampaignActive) { if (!isGoogleCampaignActive) { return; } var id = document.getElementById('toi-plus-google-campaign'); if (id) { return; } (function(f, b, e, v, n, t, s) { t = b.createElement(e); t.async = !0; t.defer = !0; t.src = v; t.id = 'toi-plus-google-campaign'; s = b.getElementsByTagName(e)[0]; s.parentNode.insertBefore(t, s); })(f, b, e, 'https://www.googletagmanager.com/gtag/js?id=AW-877820074', n, t, s); };
window.TimesApps = window.TimesApps || {}; var TimesApps = window.TimesApps; TimesApps.toiPlusEvents = function(config) { var isConfigAvailable = "toiplus_site_settings" in f && "isFBCampaignActive" in f.toiplus_site_settings && "isGoogleCampaignActive" in f.toiplus_site_settings; var isPrimeUser = window.isPrime; if (isConfigAvailable && !isPrimeUser) { loadGtagEvents(f.toiplus_site_settings.isGoogleCampaignActive); loadFBEvents(f.toiplus_site_settings.isFBCampaignActive); } else { var JarvisUrl="https://jarvis.indiatimes.com/v1/feeds/toi_plus/site_settings/643526e21443833f0c454615?db_env=published"; window.getFromClient(JarvisUrl, function(config){ if (config) { loadGtagEvents(config?.isGoogleCampaignActive); loadFBEvents(config?.isFBCampaignActive); } }) } }; })( window, document, 'script', );
For all the latest business News Click Here
