|
The Reserve Bank of India (RBI) has released a draft of its Master Directions on Cyber Resilience and Digital Payment Security Controls for Payment System Operators (PSOs). The draft directions are open for feedback from stakeholders until June 30, 2023.
The draft directions cover a wide range of topics related to cyber resilience and digital payment security, including:
Governance mechanisms for identifying, assessing, monitoring, and managing cybersecurity risks.
Baseline security measures for ensuring safe and secure digital payment transactions.
Requirements for PSOs to have adequate and appropriate cybersecurity controls in place.
Procedures for reporting cybersecurity incidents to the RBI.
The RBI has stated that the draft directions are being issued in light of the increasing threat of cyber attacks on payment systems. The directions are intended to help PSOs improve their cyber resilience and protect their customers from fraud and other risks.
Stakeholders can provide feedback on the draft directions by email or by post. The RBI has requested that all feedback be submitted by June 30, 2023.
Here are some additional details about the draft directions:
The directions apply to all PSOs, including banks, non-bank financial institutions, and other entities that operate payment systems.
The directions require PSOs to have a comprehensive cybersecurity risk management framework in place. This framework should include a risk assessment process, a plan for mitigating identified risks, and a process for monitoring and reporting on the effectiveness of the framework.
The directions require PSOs to implement a number of baseline security measures, such as:
Using strong passwords and authentication methods
Implementing data encryption
Regularly patching software vulnerabilities
Monitoring for cybersecurity threats
Reporting cybersecurity incidents to the RBI
The RBI has stated that the draft directions are a "living document" and that they may be updated in the future as the threat landscape evolves. The RBI is also encouraging stakeholders to provide feedback on the draft directions so that they can be made as effective as possible.
|