Wait...

Online Export Import Data Search

Recent Searches: No Recent Searches
Complete Training Video : Click Here

Banking on cybersecurity: RBI’s new rules for digital transactions a step forward.


Date: 23-02-2021
Subject: Banking on cybersecurity: RBI’s new rules for digital transactions a step forward
The master direction on digital payment security controls, released last week, casts a wide net.

The skyrocketing of online transactions in the country—Covid-19 has provided no small impetus, with the amount transacted via UPI doubling in January 2021, at Rs 4.3 lakh crore, from lasts year’s Rs 2.1 lakh crore—calls for fortifying cybersecurity in the country; indeed, a 2020 report from Cybersecurity Ventures estimates damage from cybercrime at $6 trillion by the end of this year, with the intensity of cyberattacks sharply up from one every 11 seconds in 2021 versus one every 40 seconds in 2016.

The Reserve Bank of India has, therefore, done well to provide regulatory direction in this regard, with a new set of guidelines for the digital banking and payments ecosystem. The master direction on digital payment security controls, released last week, casts a wide net.

Not only do the new rules require regulated entities (REs)—scheduled commercial banks, small finance banks, payments banks and credit-card-issuing NBFCs—to conduct periodic assessment of apps, REs are also required to assess associated third-party services. REs will have to assess cyber-risk based on defined parameters like technology stack, operational risk, data storage, etc.

Compatibility and interoperability are also parameters that need to be incorporated into risk assessment. While the rules require REs to have their own trained resources for managing cyber-risk, RBI has said that it will be releasing guidelines on engaging third-party operators, for REs wishing to outsource such functions. While the guidelines pertain to the digital financial services ecosystem, RBI’s focus is digital payment applications.

REs would be required to conduct source-code checks, vulnerability testing and penetration testing every six months for payment systems. Third-party operators, thus, will not only be subject to rigorous periodic testing, but they will also have to submit their source code to REs to ensure continuity in service. They will also be subject to penal provisions in case of no compliance.

The new guidelines also want REs to setup a near-real-time conciliation mechanism (24-hour settlement) along with a robust grievance redressal system that can process requests faster. Besides, the rules lay down methods for multi-factor authentication and more secure internet-banking services, requiring REs to follow the highest security standard protocols. As the intensity of phishing attacks using SMS, e-mails and tele-calling have increased, the rules call upon REs to focus on preventing such attacks.

There have been situations in the past where users’ debit card and account information have been leaked; so, the rules require REs to secure such data. The aim is to avoid another HDFC-like episode. After two years of service outages, RBI had to stop the bank from releasing any new digital products or updating its services.

If cyberattacks are to be preempted meaningfully, the government needs to require app developers participating in the ecosystem to carry out testing and ensure they follow specific standards. The government needs to, thus, release cybersecurity guidelines for devices and apps.

A testing and certification ecosystem has also been talked about, comprising registered firms and individuals to carry out security testing and audits. Unless the government moves fast on the cybersecurity front—the review of the national cybersecurity strategy has been pending for seven years now—digital services would be open to attacks.

Source:-financialexpress.com

Get Sample Now

Which service(s) are you interested in?
 Export Data
 Import Data
 Both
 Buyers
 Suppliers
 Both
OR
 Exim Help
+


What is New?

Date: 26-02-2021
Notification No. 25/2021-CUSTOMS (N.T.)
Tariff Notification in respect of Fixation of Tariff Value of Edible Oils, Brass Scrap, Poppy Seed, Areca nut, Gold & Silver - reg.

Date: 26-02-2021
A.P. (DIR Series) Circular No. 12
Investment by Foreign Portfolio Investors (FPI) in Defaulted Bonds - Relaxations

Date: 25-02-2021
Notification No. 09/2021 -Customs (ADD)
Seeks to amend notification no 29/2017-Customs (ADD) dated 14.06.2017 so as to extend the said notification up to 28.06.2021.

Date: 25-02-2021
Notification No. 10/2021-Customs (ADD)
Seeks to further amend notification No. 2/2016-Customs (ADD) dated 28th Jan, 2016 to extend the levy of Anti-Dumping duty on Melamine originating in or exported from China PR, up to and inclusive of 31st March, 2021.

Date: 25-02-2021
Public Notice No. 40/2015-20
Amendment in Appendix 1B, Hand Book of Procedure 2015-20

Date: 23-02-2021
Notification No. 03/2021-Central Tax
Seeks to notify persons to whom provisions of sub-section (6B) or sub-section (6C) of section 25 of CGST Act will not apply.

Date: 23-02-2021
Trade Notice No. 43/2020-2021
Electronic filing and Issuance of Preferential Certificate of Origin (CoO) for India’s Exports under India-Mercosur PTA and India-Thailand EHS w.e.f. 25th February 2021

Date: 23-02-2021
Notification No. 20/2021-Customs (N.T./CAA/DRI)
Appointment of CAA by Pr. DGRI

Date: 23-02-2021
Notification No. 21/2021-Customs (N.T./CAA/DRI)
Appointment of CAA by Pr. DGRI

Date: 22-02-2021
Circular No. 06/2021-Customs
Policy and Guidelines for setting up of Inland Container Depots (ICDs), Container Freight Stations (CFSs) and Air Freight Stations (AFSs)-Reg.



Exim Guru Copyright © 1999-2021 Exim Guru. All Rights Reserved.
The information presented on the site is believed to be accurate. However, InfodriveIndia takes no legal responsibilities for the validity of the information.
Please read our Terms of Use and Privacy Policy before you use this Export Import Data Directory.

EximGuru.com

C/o InfodriveIndia Pvt Ltd
F-19, Pocket F, Okhla Phase-I
Okhla Industrial Area
New Delhi - 110020, India
Phone : 011 - 40703001