The Reserve Bank of India (RBI) on Tuesday announced new guidelines aimed at improving the safety and security of payment systems operated by non-bank payment system operators (PSOs). According to the new norms, PSOs are required to implement a real-time fraud monitoring solution to identify suspicious transactional behaviour and generate alerts.
In addition, non-bank PSOs must ensure that an online session on mobile applications is automatically terminated after a fixed period of inactivity, prompting customers to log in again. These measures are part of the RBI's Master Directions on Cyber Resilience and Digital Payment Security Controls for non-bank PSOs.
The guidelines, effective from Tuesday, will be implemented in phases to allow PSOs adequate time to establish the necessary compliance structures. The RBI stated that these directions aim to enhance the safety and security of payment systems by providing a comprehensive framework for information security preparedness, with a strong focus on cyber resilience.
For mobile payments, the RBI emphasised that PSOs must ensure that authenticated sessions, along with their encryption protocols, remain intact throughout the customer interaction. If there is any interference or if the customer closes the application, the session should be terminated and any affected transactions should be resolved or reversed.
Furthermore, the guidelines require PSOs to implement mechanisms that automatically terminate online sessions on mobile applications after a fixed period of inactivity, prompting customers to log in again. PSOs are also instructed to identify remote access applications and prohibit their use with mobile payment apps while remote access is active.
Additionally, the RBI directed card networks to facilitate the implementation of transaction limits at the card, bank identification number (BIN), and card issuer levels. These limits must be set at the card network switch itself.
These new measures are part of the RBI's ongoing efforts to bolster the security and resilience of the digital payment ecosystem, ensuring safer transactions for customers and enhancing overall trust in the system.