Information Technology (Security of Prepaid Payment Instruments) Rules 2017

March 14, 2017    

Introduction

Union Ministry of Electronics and Information Technology issued draft guidelines for electronic payment transactions through prepaid payment instruments (PPIs) like mobile wallets, smart cards, paper vouchers, etc. under provisions of Information Technology Act, 2000, on March 08, 2017 and has invited comments before the enactment of these rules from the general public and stake holders on the draft guidelines by March 20, 2017 for having wide consultations under the “Draft IT (Security of Prepaid Instruments) Rules, 2017”.

Purpose of the Rule

The purpose behind issuing these draft guidelines is the serious intention of the Union Government to promote cashless economy i.e. electronic payments; and to ensure the confidentiality, integrity, safety, security of the transactions through PPIs, popularly known as e-wallets, involving various digital payment systems of various digital wallet companies. These draft rules when enacted shall be applicable to all digital wallet companies like Paytm, FreeCharge, Mobikwik, etc and those issuing smart cards, paper vouchers, magnetic strip cards, internet wallets, mobile accounts, mobile wallets or any such instrument.

Guidelines of the Draft

End-to-End Encryption

These draft guidelines have proposed that PPI issuer companies must ensure end-to-end encryption of the data exchanged and emphasized that these companies must assist their user customers for safe and secure use of PPIs in simple language – that could be understood by a reasonable person; besides explaining their privacy and security policy – framed according to the rules and regulatory standards set by the Union Government; and terms of use of their payment system on the company’s website ensuring that the system used by them is secured; appointment of Chief Grievance Officer (CGO) with contact numbers to whom the customer could contact in case of redressal of his/her complaint with respect to the transaction. The CGO must initiate action within 36 hours of the complaint lodged and the complaint must be resolved within one month of the receipt of such complaint.

Robust Risk Management System

The security measures of these companies must develop a Robust Risk Management System and also make a risk assessment to find out security risks involving data protection as well as safety of funds involved; besides these companies must ensure adequate due diligence before issuing PPIs. These companies must establish a mechanism in order to monitor, handle and follow-up of cyber incidents and breaches that may occur.

Review and Revamp of the security measures

The digital wallet companies shall review and revamp the security measures in the light of the grievances, incidents and breaches or before any major change in their infrastructure or procedural methodology - at least once in a year. These companies shall store the user information such as address and contact number of the customer and financial data, such as bank balance of the customer, for a specific period of time to be decided by the Union Government and this user information they cannot disclose to anyone without prior consent of the Government except in cases where these companies may have to disclose a user’s information to the statutory authorities if it is so required.

Two-factor authentication

These companies must adopt a two-factor authentication for transactions in order to identify the customers at the time of registration. In specific cases, Union Government may “exempt” the two-step authentication.

Conclusion

Overall, these guidelines ensure that although all payment instruments are regulated under RBI rules and regulations yet the rules related to carrying out the PPIs involving electronic transactions shall have to be regulated as per the IT Act, 2000 along with IT (Security of Prepaid Instruments) Rules, 2017.
SBI PO Smart Prep Kit by Ramandeep Singh - Get here
notifications

Bank Exams Today Notes

Join 40,000+ readers and get free notes in your email

Let's block ads! (Why?)



- http://www.bankexamstoday.com/2017/03/information-technology-security-of.html
Information Technology (Security of Prepaid Payment Instruments) Rules 2017 4.5 5 Yateendra sahu March 14, 2017 Introduction Union Ministry of Electronics and Information Technology issued draft guidelines for electronic payment transactions through...


Related Post:

  • List of Important Days With Themes
    August 2019 Date Day Theme 1st Aug to 7th Aug 2019 World Breastfeeding Week Theme: “Empower Parents, Enable Breastfeeding”. 6th August 2019 Hiroshima Day To remembrance of the first atomic bombing of the world by the United… Read More
  • Happy Teachers Day - Get 15% Discount on All Courses
    A good teacher can inspire hope, ignite imagination and instil the love of learning.           - Brad Henry On every 5th September, Teachers day is celebrated to appreciate and acknowledge the hard work and dedicati… Read More
  • List of Summits and Conferences: 2018-19
    August 2019 Name of the Summit and Conference Organized/ Led by Venue Aim/ Theme 22nd National Conference on e-Governance, 2019 Department of Administrative Reforms & Public Grievances (DARPG) Shillong, Meghalaya To share b… Read More
  • Monthly One-Liner GK Digest: August 2019
    Dear Readers, We are releasing the monthly One-Liner GK Digest Capsule for August 2019. The PDF file covers important topics like banking, awards and honours, National, International Events, Appointments MoUs and Agreements, Index and Ranking, News… Read More
  • Corporate Bond Market in India
    Corporate bonds are debt securities issued by private and public corporations. These are issued to raise money for a variety of purposes, such as building a new plant, purchasing equipment, or growing the business. Successive budgets and various c… Read More
Load comments

No comments:

Post a Comment