The Reserve Bank of India has circulated new guidelines on 17th March 2020 related to the Regulation of Payment Aggregators and Payment Gateways. These guidelines mandate the Payment Aggregators and Payment Gateways to get authorization from RBI, by obtaining the settlement of payment to the merchant at fixed transaction time. The guidelines are the detailed technical and operational for Payment Aggregators and Payment Gateways that includes merchant onboarding, customer data access, audit obligations, and data sovereignty. Through these guidelines, RBI decided to regulate the activities of payment aggregators and assist them by providing baseline technology related to payment gateways.
What is RBI Payment Aggregators & Payment Gateway Audit?
In March 2020, all the existing non-banks Payment Aggregators are required to take the authorization from RBI before 30th June 2021. From now, the Payment Aggregators and Payment Gateways will be regulated by RBI to ensure the safety of all the online transactions.
The Key aspects that RBI is going to include in their guidelines are described below.
- Non-Banks Payment Aggregators will have the minimum net worth of Rs 15 Crore which also varies up to INR 25 crore by the end of the financial year.
- The Payment Aggregators required baseline technology, which includes the implementation of Data Security standards, Cybersecurity audits, incident reporting, and framing IT policies.
- E-commerce organization with a Payment Aggregators business, need to take the authorized license and have to segregate Payment Aggregators into the separate entity.
- A non-bank Payment Aggregators have to be a complete company incorporated under the Act of the organization with the PA activity forming a party.
- In case of any takeover or acquisition of control or any change in upper management of non-bank Payment, Aggregators have to communicate with the Chief General Manager of RBI within 15 days of the change.
- The RBI also gives the format of authorization which includes net-worth certificate director's undertaking, auditor certificate while maintaining the balance on an escrow account, and a format for storing the data of transaction handled by Payment Aggregators every month.
RBI Payment Aggregators & Payment Gateway Audit provide many benefits described below.
The activities performed by the Payment Aggregators and Payment Gateways while making online transactions are very crucial, this will fix all the vulnerabilities present.
New Security Methods
The present guidelines for Payment Aggregators and Payment Gateways are not sufficient and Over 10 years no major complaints have been recorded, therefore to ensure customer security and privacy RBI took this step.
Directed by RBI
The primary business of Payment Aggregators and Payment Gateways have not come in the regulation of ambit of RBI. Therefore separation of these entities is required while maintaining the proper regulations.
Get Total Access
The customer may not have full access to the Payment Aggregators and Payment Gateways, they have to stay on merchant and banks. This will also resolve this and provide a proper resolution.
Detailed Roles and Liabilities
There is the need for proper delineation of roles and responsibility among the merchants and the customer, by these guidelines the Payment Aggregators and Payment Gateways have to handle the customer data in a more secured way.
Deploy Updated Technology
Technology may vary from entities and architecture and the updated technology for Payment Aggregators and Payment Gateways assists the customers and enhances their experience
What We Deliver ?
Xiarch offers the Information Security (IS) audit service specifically addressing the RBI requirements towards Information System (IS) Audits. To ensure compliance with the RBI IS Audit guidelines, our process incorporates the scoping guidelines from Reserve Bank of India.
Our experts will furnish an itemized security evaluation report with legitimate remediation steps to be taken.
Distinguish Security Weaknesses inside your Digital Asset permitting you to proactively remediate any issues that emerge and improve your security act.
Constantly updating Vulnerability Information to stay in touch with the emerging threat landscape.
Receive overview and trend data of all of the current security issues you face in your organisation. All viewable on an Digital Report.
We also assured you that your assessments are executed by Qualified Experts.
Our group of security specialists holds industry capabilities, for example, CHECK Team Member and Team Leader, CEH, ECSA, OSCP, CISA, CISSP, and many more.
Why Xiarch ?
Xiarch is a CERT-IN Empanelled & ISO 9001:2015 | ISO 27001-2013 Licensed Cyber Security Company and IT Services Company with solutions providers in Information Security like VAPT Services, Penetration Testing Services, Vulnerability Assessment Services, Among our consumers we proudly work for Government Organizations, Fortune one thousand Companies and countless start-up companies. We are additionally Value Added Partners, Authorized Re-sellers & Distributor of Leading Web Application Security Testing Tools.
We are headquartered in Delhi and have branch presence in Gurugram and Mumbai - India
Few Customer Testimonials
Our clients like us for our specialized abilities, administration quality and polished methodology. Sharing their great words is a delight for us.
Trusted by Thousand of Brands
Get In Touch With Us
Test the effectiveness of your own security controls before malicious parties do it for you. Our security experts are here to help — schedule a call today.
Xiarch Security is an global security firm that educates clients, identifies security risks, informs intelligent business decisions, and enables you to reduce your attack surface digitally, physically and socially.
Certified Security Experts
Our security experts are exceptionally qualified and confirmed by CEH, ECSA, OSCP, CISA, CISSP, and numerous others.
Communication & Collaboration
After surveying the code our specialists shared the best answers to correct them. Our experts will communicate with you for any further implementations.
We hold industry-leading certifications and dedicate part of every day to research the latest exploit techniques to ensure our clients remain protected from evolving online attacks.
Free Remediation Testing
Once your team addresses remediation recommendations, Xiarch will schedule your retest at no additional charge.