The Reserve Bank of India has released the draft Master Directions on Cyber Resilience and Digital Payment Security Controls for Payment System Operators (PSOs).

What are Payment System Operators (PSOs)?

• A payment system operator means a legal entity responsible for operating a payment system.
• The PSO provides services by operating on certain models.
• They largely outsource their payment and settlement-related activities to various other entities.
• Examples of PSOs include: Google Pay (and other apps), Clearing Corporation of India, National Payments Corporation of India, Cards Payment Networks, Cross border Money Transfer, ATM networks, Prepaid Payment Instruments, White Label ATM Operators, Instant Money Transfer, and Trade Receivables Discounting System, Bharat Bill Payment System etc.

Key points from the draft

(1) Governance Mechanisms:

• The draft emphasizes the need for robust governance mechanisms to manage cybersecurity risks effectively.
• It covers information security risks and vulnerabilities that PSOs should address.
• PSOs are expected to establish and maintain a comprehensive cybersecurity framework.

(2) Baseline Security Measures:

• The draft specifies baseline security measures to be implemented by PSOs.
• These measures are designed to protect digital payment systems from cybersecurity threats.
• PSOs must implement controls related to data security, access controls, incident response, and business continuity planning.

(3) Resilience to Cybersecurity Risks:

• The directions aim to ensure that PSOs are resilient to both traditional and emerging information systems and cybersecurity risks.
• PSOs are required to conduct periodic risk assessments and implement appropriate controls to mitigate identified risks.
• The draft emphasizes the importance of continuous monitoring and review of cybersecurity measures.

(4) Safeguarding Digital Payment Transactions:

• The focus of the directions is to enhance the security of digital payment transactions.
• PSOs must implement strong authentication mechanisms, encryption standards, and secure communication protocols.
• The draft highlights the need for robust fraud monitoring and reporting mechanisms.

Get an IAS/IPS ranker as your personal mentor for UPSC 2024  

Get an IAS/IPS ranker as your 1: 1 personal mentor for UPSC 2024

Attend Now