The Reserve Bank of India on Friday released the draft directions on cyber resilience and digital payment security controls for payment system operators (PSOs). The move aims to improve the safety and security of their payment systems.
According to the suggested guidelines, PSOs would be required to notify RBI within six hours of discovery of any anomalous incident, including those involving cyberattacks, outages of essential systems or infrastructure, internal fraud, and settlement delays.
The RBI has suggested that each person with access to the PSO's IT environment be given a digital identity that will be retained and tracked until termination.
The draft guidelines are being released at a time when cyberattacks on payment systems, which are a catalyst for fostering financial stability and supporting financial inclusion, are on the rise.
Under the proposed regulations, the PSO Board will be in charge of making sure that information security risks, including cyber risk and cyber resilience, are adequately supervised. The PSO will need to develop a board-approved information security policy to manage potential risks for all applications and products relating to payment systems, as well as risks that have already materialised.