The RBI has issued master directions on cyber resilience and digital payment security controls for non-bank payment system operators ("PSOs"), effective from the publication date. The guidelines aim to enhance the safety and security of digital payment systems by implementing robust governance mechanisms and baseline security measures, and by ensuring compliance with the latest security standards. These directions include governance controls, risk assessment, incident response, and baseline information security measures. The timeline for compliance varies by the size of the PSO, with large PSOs required to comply by April 1, 2025.
Additionally, the master directions emphasize the importance of cybersecurity preparedness, secure application development, data security, vendor risk management, and cloud security. The PSOs are also instructed to enhance digital payment security measures for mobile payments, card payments, and prepaid payment instruments. The implementation of these directions aims to create a resilient digital payment ecosystem, addressing both existing and emerging cyber threats, thereby safeguarding public interest.