A New Organization Will Work on Digital Payments Security
RBI Creating a Self-Regulatory Organization to Lead Security Efforts
The Reserve Bank of India’s plans to create a self-regulatory organization by April to help oversee the digital payments system could help reduce the complexity of RBI’s efforts to help ensure payments security, some security experts say.
An SRO is a non-governmental organization with the power to create and enforce industry and professional regulations and standards. The nation’s central bank has yet to spell out the details for how the SRO will function, but the separate entity would help guide payments organizations in adhering to security standards.
Supporters of the initiative argue that RBI has too many projects to handle to take on additional tasks monitoring the digital payment system.
“The self-regulatory organization will reduce the complexity of RBI's work - which is to ensure the overall safety and soundness of India’s financial system - by delegating a specialized agency which understands the particular issues and requirements of the payments industry,” says Tom Wills, director of Secure Strategies, a financial consulting organization.
The SRO will manage security standards and best practices for the specific needs of the payments industry and will also serve as a single point of contact between the industry and RBI, he adds.
The SRO’s Tasks
RBI will put in place a framework for establishing an SRO for the digital payment system by April 2020 to foster best practices on security and customer protection against frauds and help ensure data security, says Yogesh Dayal, RBI’s chief general manager.
RBI will also publish guidelines for setting up the SRO, a self-governing body with a mandate to enhance the communications mechanism between payment sector stakeholders, such as service providers and banks, and regulatory and supervisory bodies, including RBI.
The central bank anticipates exponential growth in India’s number of digital payments, with a compounded annual growth rate of 12.7 percent. Plus, the mobile wallet market will have a continuous annual growth rate of more than 52 percent until 2023, according to a KPMG report.
Because this explosive growth will make it difficult to track transactional fraud, the new SRO will play an essential role, Dayal says.
The increased use of digital payments has increased the chances of getting exposed to cybersecurity risks, such as online fraud, information theft, and malware attacks, RBI says. So there’s a need for better coordination of efforts to enhance security.
Creating a Framework
The self-regulatory body is expected to devise a framework that the digital payments industry will voluntarily follow.
Delhi-based Sriram Natarajan, president of Quintus Technologies, a global fintech company, says the SRO will help ensure coordination and cooperation among the players in the payments ecosystem to help ensure the digital payments organizations adhere to stringent security guidelines prescribed by the RBI.
Wills says the SRO framework should enable every payment service provider to monitor transactions for possible fraud and money laundering so they can determine whether a payment transaction should proceed, based on the level of risk it poses.
“RBI’s SRO guidelines should embody specific best security practices for payment systems, which comprise areas specific to payments, such as monitoring and authorizing transactions, as well as general enterprise best practices - as you would see in other standards like, for example, COBIT or the ISO/IEC 27000 series,” Wills says.
The SRO should help promote the widespread use of the PCI DSS standards and ensure that payments organizations are compliant with EMV 2.0, 3D-secure 2.0 and other global regulations on the data security standards, such as ISO 20022, some security experts say.
With digital payments skyrocketing, Siba Panda, CISO and chief vigilance officer at Paytm Payments Bank, says he’s anxious to see how the SRO concept gets translated into a reality.
“The number of digital transactions is going to increase significantly over the foreseeable future,” he says. “Further, for various reasons, despite the continuous strengthening of the security framework in all the related organizations, the number of digital frauds is also going to increase.”
The new SRO can play a significant role in improving customer awareness of risks, he says.
Natarajan suggests that the SRO should spell out specific solutions for securing digital payments.