Government issues draft rules on e-wallet payments
The Ministry of Electronics and Information Technology (MEITY) has issued the draft Information Technology (Security of Prepaid Payment Instruments) Rules 2017 for Prepaid Payment Instrument (PPI) companies, or e-wallet firms. The draft rules seek to ensure the integrity, security and confidentiality of electronic payments made through PPIs. They cover the entire spectrum of protecting consumer information, especially financial data.

Key Features of the Rules

Definition of e-PPI issuer: A person operating a payment system that issues prepaid payment instruments to individuals or organisations under the aegis of the Reserve Bank of India (RBI).

Information security policy: It is mandatory for e-PPI issuers to develop an information security policy that ensures that the systems operated by them are secure.

Privacy policy and terms: It is mandatory for e-PPIs to publish on their websites and mobile applications both their 'privacy policy' and the terms for use of their payment systems.

Risk assessment: It is mandatory for e-PPIs to carry out a risk assessment to spot security risks and also to ensure that adequate due diligence is done before issuing PPIs.

Chief grievance officer: e-PPIs should appoint a chief grievance officer whose contact details are prominently displayed on their website. The officer must act upon any complaint within 36 hours and close it in a month's time.

End-to-end encryption: e-PPIs shall ensure that end-to-end encryption is applied to safeguard the data exchanged. They shall retain data relating to electronic payments only for as long as necessary.

CERT-In's responsibility: CERT-In (Indian Computer Emergency Response Team) shall notify the categories of incidents and breaches that are required to be reported to it mandatorily.