RBI Guidelines for Payment Aggregators and Payment Gateways
RNR, as a CERT-In empanelled security auditor, can help you understand, manage and comply with the Reserve Bank of India's (RBI) guidelines and circulars, which are issued periodically. On March 17, 2020, the RBI issued guidelines for Payment Aggregators (PAs) and Payment Gateways (PGs) that contain specific clauses and requirements on cyber security; a further circular dated March 31, 2021 set out additional principles for the regulation of PAs and PGs. The RBI has also stated that applications from 18 existing payment aggregators, including Bhartipay Services Private Limited and PhonePe Private Limited, are being processed.
RNR's platform is intended to keep our users up to date on new features and changing legislation. Below is an overview of the key points and requirements from the RBI guidelines for Payment Aggregators and Payment Gateways. If you would like to delve deeper into the cyber security framework and learn how RNR can help you comply with the RBI's mandates, you can download our Whitepaper, or contact us to learn more about the rules and how to stay in compliance.
Responsibility for Merchant Security
- PCI DSS and PA-DSS compliance (as applicable) for the merchant's applications and infrastructure. Note that PA-DSS has since been retired by the PCI Security Standards Council in favour of the PCI Secure Software Standard, so check which standard applies to a given payment application.
- An agreement with the merchant covering the security and privacy of customer data.
- Review of the merchant's periodic security assessment reports and risk assessment reports at contract renewal.
Security, Fraud Prevention and Risk Management Framework
- A strong risk management system to prevent fraud and ensure customer protection.
- Adequate information and data security infrastructure and systems for the prevention and detection of fraud.
- Implementation of a board-approved information security policy.
- Implementation of the baseline technology-related recommendations in Annexure 2 of the guidelines (summarised below).
- A mechanism for monitoring, handling and following up on cyber security incidents and breaches.
- Compliance with the data storage requirements applicable to Payment System Operators (PSOs).
- A System Audit Report, including a cyber security audit, conducted by CERT-In empanelled auditors.
Baseline Technology-related Recommendations
- Information Security Governance
- Data Security Standards
- Security Incident Reporting
- Comprehensive Security Assessment during Merchant Onboarding
- Cyber Security Audit and Reports: quarterly internal audits, annual external audit reports, bi-annual Vulnerability Assessment / Penetration Test (VAPT) reports, and PCI DSS compliance evidence, i.e. the Attestation of Compliance (AOC) and the Report on Compliance (ROC).
- Board Approved Information Security Policy
- Board Approved IT Governance Policy
- IT Steering Committee
- Enterprise Information Model
- Cyber Crisis Management Plan
- Enterprise Data Dictionary
- Risk Assessment
- Access to Application
- Competency of Staff
- Vendor Risk Management
- Maturity and Roadmap
- Cryptographic Requirements
- Forensic Readiness
- Data Sovereignty
- Data Security in Outsourcing
- Payment Application Security
Compliance Submissions
- Annually: IS Audit Report and Cyber Security Audit Report
- As needed: Cyber Security Incident Reports
What we do
RNR's services for payment aggregators improve their security posture and reduce the risk of a successful attack. For further details, please get in touch with us and safeguard your payment gateways.
What is Application Security?
Effective Security Testing Safeguards Your Applications from Cyber Threats and Vulnerabilities
RNR Application Security Testing identifies vulnerabilities in your applications, providing comprehensive coverage of web and mobile applications, their supporting infrastructure and online services, and reducing the risk of non-compliance with regulatory standards. Our approach goes beyond scanning for software issues: we identify and prioritise the most exposed areas of your online application and offer practical remediation.