Free Consultant

+36 55 540 069
logotype
RBI Guidelines for Payment Aggregators and Payment Gateways
Home RBI Guidelines for Payment Aggregators and Payment Gateways

RBI Guidelines for Payment Aggregators and Payment Gateways

As a CERT-In Empanelled Security Auditor, Security Brigade is authorised to help you understand, manage and comply with RBI Guidelines & Circulars that are released on a periodic basis. As on March 17th 2020, the RBI has released new guidelines for Payment Aggregators and Payment Gateways, which include specific clauses and requirements pertaining to Cyber Security. The following is a quick summary of some of the key points and requirements from the RBI Guidelines for Payment Aggregators and Payment Gateways. Download Our Whitepaper to learn more about the Cyber Security Framework and how Security Brigade can help you comply with RBI’s mandates.

Responsibility Of Merchant’s Security

The Open Web Application Security Project is an online community dedicated to the creation of free, open-source publications, documentation, tools, and technologies in the field of Web application security.

  • Compliance of PCI-DSS & PA-DSS (as applicable) for Merchant’s Applications & Infrastructure
  • Agreement with Merchant In-Regards to Security & Privacy of Customer Data
  • Review of Periodic Security Assessment Reports & Risk Assessment Reports on Contract Renewal

Security, Fraud Prevention and Risk Management Framework

  • Strong risk management system – Prevent fraud and ensure customer protection.
  • Adequate information and data security infrastructure and systems for prevention and detection of frauds.
  • Implementation of board approved information security policy.
  • Implement baseline technology-related recommendations in Annexure 2.
  • Mechanism for monitoring, handling and follow-up of cyber security incidents and breaches.
  • Comply with data storage requirements as applicable to Payment System Operators (PSOs).
  • System Audit Report, including cyber security audit conducted by CERT-In empanelled auditors.

Baseline Technology-related Recommendations

  • Information Security Governance
  • Data Security Standards
  • Security Incident Reporting
  • Comprehensive Security Assessment during Merchant Onboarding
  • Cyber Security Audit and Reports: Quarterly Internal Audits, Annual External Audit Reports, Bi-Annual Vulnerability Assessment / Penetration Test (VAPT) reports, PCI-DSS including Attestation of Compliance (AOC) & PCI-DSS including Report of Compliance (ROC) compliance report
  • Board Approved Information Security Policy
  • Board Approved IT Governance Policy
  • IT Steering Committee
  • Enterprise Information Model
  • Cyber Crisis Management Plan
  • Enterprise Data Dictionary
  • Risk Assessment
  • Access to Application
  • Competency of Staff
  • Vendor Risk Management
  • Maturity and Roadmap
  • Cryptographic Requirement
  • Forensic Readiness
  • Data Sovereignty
  • Data Security in Outsourcing
  • Payment Application Security

Compliance Submissions

  • Annual – IS Audit Report and Cyber Security Audit Report
  • As Needed – Cyber Security Incident Reports

What is Application Security?

Effective Security Testing Safeguards your Applications from Cyber Threats & Vulnerabilities

RNR Application Security Testing helps you detect application vulnerabilities, provide full coverage for Web and Mobile application infrastructure and online services, and reduce risks to meet regulatory compliance requirements. Our Application Security Methodology extends beyond scanning software detection to identify and prioritize the most vulnerable aspects of your online application, as well as come up with practical Solutions.

Leave us massage

How May We Help You!