RBI issues draft directions on cyber resilience, digital payment security controls for Payment System Operators

The Central bank has sought stakeholders’ feedback on the draft directions.

The draft Master Directions on Cyber Resilience and Digital Payment Security Controls for PSOs covers governance mechanism for identification, assessment, monitoring and management of cybersecurity risks including information security risks and vulnerabilities, and specify baseline security measures for ensuring safe and secure digital payment transactions.

The Central bank aims to create a framework to improve safety and security of the payment systems operated by PSOs for overall information security preparedness with an emphasis on cyber resilience, the release said.

On April 8, the RBI had said during the monetary policy meeting that it would issue these directions.

As per the directions, the Board of Directors (Board) of the PSO shall be responsible for ensuring adequate oversight over information security risks, including cyber risk and cyber resilience.

However, primary oversight may be delegated to a sub-committee of the Board which shall meet at least once every quarter.

The PSO shall formulate a Board approved Information Security (IS) policy to manage potential information security risks covering all applications and products concerning payment systems as well as management of risks that have materialised, release added.