In digital finance, security is paramount for trust and reliability. The Reserve Bank of India (RBI) acknowledges this importance and places significant emphasis on safeguarding digital payments in the country. In today’s digital landscape, RBI has implemented several measures to ensure the security of digital transactions. These include unique OTPs (one-time passwords) for new payees, individual OTPs for high-value transactions, and limited OTP timeframes. Alongside these measures, advanced encryption and authentication technologies, second-channel notifications, and risk-based transaction monitoring are employed to bolster security. Moreover, RBI uses various methods to enhance customer awareness, utilising digital, print, and audio-visual media platforms, exemplified by the “RBI Kehta Hai” programme.
“RBI has provided guidelines on digital payment security to banks and regulated entities, emphasising the importance of safeguarding customer data. To promote safe digital transactions, RBI advises the public against sharing sensitive information like card details, passwords, PINs, OTPs, CVVs, and UPI PINs. Additionally, they caution against conducting financial transactions over public Wi-Fi networks and storing banking data on mobile devices, email, electronic wallets, or physical wallets,” says AK Narayanan, CEO of AK Narayan Associates, a financial planning firm.
RBI’s measures for securing digital transactions include:
Requiring specific OTPs from a secondary channel to add new payees and enhance security.
Mandating new OTPs for high-value transactions to increase security.
Managing OTP time limits carefully to minimise misuse.
Employing digital signatures and Key-based Message Authentication Codes (KMAC) to prevent unauthorised transactions.
Educating customers about their rights under the Consumer Protection Act and the risks associated with internet banking.
Notifying customers through an alternate method for transactions above a specified value.
Teaching customers how to respond to SSL or EV-SSL certificate alerts to prevent phishing attacks.
Implementing systems to analyse transaction patterns and identify unusual activities to ensure alignment with the customer’s typical behaviour.
Also, RBI’s latest tokenisation regulation ensures that the payment system infrastructure is operational, efficient and resilient to emerging cyber threats. Tokenisation substitutes sensitive card details such as the card number and expiry date with a randomly generated encrypted string
known as the card token. After tokenisation, this unique card token can be used instead of actual card details to process payments, thereby eliminating the risk of exposing sensitive card information during transactions.
The RBI has also rolled out a fresh digital lending framework to shield customers from getting trapped in debt. According to this regulation, lenders are required to reveal all fees associated with a loan to the borrower. Additionally, all loan transactions will now occur directly between the borrower’s bank account and the regulated entity, removing any involvement of third parties.
