logotype

RBI Guidelines for Payment Aggregators and Payment Gateways

As a CERT-In Empaneled Security Auditor, Security Brigade is authorized to help you understand, manage, and comply with RBI Guidelines & Circulars that are released on a periodic basis. As on March 17th, 2020, the RBI has released new guidelines for Payment Aggregators and Payment Gateways, which include specific clauses and requirements pertaining to Cyber Security.  

Previously, the central bank issued circulars dated March 17, 2020, and March 31, 2021, outlining principles for the regulation of payment aggregators and payment gateways.

The RBI added that applications from 18 existing payment aggregators, including Bhartipay Services Private Limited and PhonePe Private Limited, are being processed. RNR’s platform is intended to keep our users up to date on new features and changing legislation. Please contact us to learn more about the new RBI rules and how to stay in compliance.

RNR, as an authorized CERT-In Empanelled Security Auditor, can assist you in comprehending, managing, and adhering to the Reserve Bank of India’s (RBI) Guidelines & Circulars, which are periodically issued. Recently, on March 17th, 2020, the RBI issued new guidelines pertaining to Cyber Security for Payment Aggregators and Payment Gateways. These guidelines outline specific clauses and requirements. To provide you with an overview, here are some of the key points and requirements from the RBI Guidelines for Payment Aggregators and Payment Gateways. If you would like to delve deeper into the Cyber Security Framework and learn how RNR can help you comply with the RBI’s mandates, you can download our Whitepaper.

Responsibility Of Merchant’s Security

The Open Web Application Security Project (OWASP) is an online community that focuses on promoting the development of free and open-source resources, documentation, tools, and technologies related to web application security.

Security, Fraud Prevention and Risk Management Framework

Baseline Technology-related Recommendations

Compliance Submissions

What we do

RNR’s services for payment aggregators can improve their security posture and reduce their risk of being attacked.  For further details please get in touch with us now and safeguard your payment gateways.

What is Application Security?

Effective Security Testing Safeguards your Applications from Cyber Threats & Vulnerabilities

RNR Application Security Testing helps in identifying vulnerabilities in your application, providing comprehensive coverage for both web and mobile application infrastructure, online services, and minimizing risks to comply with regulatory standards. Our approach to application security goes beyond just scanning for software issues. We focus on identifying and prioritizing the most vulnerable areas of your online application and offer practical solutions.

Leave us message

How May We Help You!

      Service Request Form

      Select Service(s) You Want:

      Information & cyber security program strategy & roadmapEnterprise & cyber security risk assessment & managementThird party risk managementVirtual CISO serviceCyber security awareness programPhishing simulation programThreat modelingUser access governance & certificationIncident management and response planISO 27001/22301/27701/9001RBI master directionNHB cyber security guidelinesIRDAI cyber security guidelinesNIST FrameworkSOC1/SOC2Data localization as per RBI circular of storage of payment system dataCIS frameworkInternal audit managementCloud assessment as per CISDesigning cloud security architectureCSPM security monitoringGap assessment as per applicable guidelinesNetwork architecture reviewFirewall rule reviewFirewall configuration reviewSystem hardening checksVulnerability assessment program managementWeb application penetration testingMobile application penetration testingInfrastructure vulnerability assessmentAPI vulnerability assessmentAPI fuzzingRed teaming ExerciseData protection advisoryData flow diagramDigital personal data protection acData protection controls implementationData discovery and classificationDesigning of data protection policyData governance programDigital personal data protection acGap assessmentArticulation of policy and proceduresISO 27001/22301/27701/9001, PCI-DSS, SOC1/SOC2, COBIT, COSO, HIPPA, RBI, IRDAI, NIST, Data Localization, CISGRC tool implementationArticulation of BCP plan and strategyCrisis management planBCP/DR planning and implementationImplementation of BCMS standard (ISO 22301)Conducting actual and tabletop DR drillsFunctional recovery planGRC resource deployment onsite/offsiteSecurity services resource deployment onsite/offsite

      Contact Details:

      Name (required):

      Organization Name (required):

      Email (required):

      Contact No (required):

      Detail about the requirement (optional):