MUMBAI: Did you ever download an app that prompted you to share your phone’s screen to get assistance with mobile transactions, only to lose money? Such cases of fraud using remote access have been on the rise in recent times. Now, the RBI is making it tougher for online fraudsters to dupe unsuspecting users by prescribing security features for non-bank payment system operators.
Among the key proposals is a mechanism to disable mobile payments when a remote user has been given access to the device. The RBI also sought to ensure that transaction alerts mention merchants’ names rather than those of payment gateways. It has also proposed a cooling period of at least 12 hours for payment after a change in the registered mobile number or email ID. The directions follow the licensing of payment system operators by the central bank, and issuing master directions makes them fully regulated entities. These measures are part of draft directions on ‘Cyber Resilience and Digital Payment Security Controls for Payment System Operators (PSOs)’. PSO is an umbrella term that includes financial market infrastructure providers such as retail payment organisations like NPCI, card payment networks like Visa, Mastercard and RuPay, non-bank ATM networks and large prepaid instrument issuers.
Besides institutionalising best practices that some large PSOs already follow, the regulator has sought to address some causes of fraud. For instance, there are frauds that are undertaken by getting the victim to install a remote access app like AnyDesk, which the fraudster uses to gain control of the device. The directions classify PSOs according to the space they operate in and their scale of operations. For large PSOs, the directions will come into force from April 2024, for mid-sized PSOs from April 2026, and for small PSOs from April 2028.
The infrastructure providers and the entities below them, which also include trade receivables discounting system (TReDS) operators, Bharat Bill Payment operating units (BBPOUs), and payment aggregators (PAs), are classified as large non-bank PSOs.
Cross-border (in-bound) money transfer operators under the Money Transfer Service Scheme (MTSS) and mid-sized prepaid instrument issuers are treated as medium non-bank PSOs. Small prepaid instrument issuers and instant money transfer operators are small non-bank PSOs.
The central bank has asked for feedback on the draft norms by June 30.