As people increasingly favour cashless transactions, concerns over the security of customers' data, and over the accountability of the service providers that facilitate such transactions, have increased considerably.
Keeping in mind the interests of ordinary people and the risks they are exposed to when using virtual transaction methods, the Reserve Bank of India has laid down a framework for payment system providers so that customers can rely on proper and risk-free transaction methods.
What Is RBI PSS Audit?
The Reserve Bank of India (RBI) is responsible for controlling the Banking Payment and Settlement System in India under the Payment and Settlement Systems Act 2007. Accordingly, the RBI provides a certificate of authorization to any company setting up and operating a payment system in India. To remain authorized, a payment company must comply with stipulated RBI requirements to ensure that the technology deployed to operate the payment system is safe, secure and efficient, and follows the approved process flow. An RBI PSS audit evaluates security and controls, hardware, operating systems, applications, access controls, and disaster recovery, among other aspects.
The systems covered by this procedure are Electronic Clearing Service Credit, Electronic Clearing Service Debit, Electronic Funds Transfer, Regional Electronic Clearing Service, Real Time Gross Settlement System, Pre-paid Payments System, and Mobile Banking System.
Any deviation from, or contravention of, the regulations laid down by the RBI is a punishable offence. If the system provider disobeys the rules and regulations, declines to comply with orders and directions, or is found to have disregarded the rules and regulations under which the approval was granted, the RBI can revoke the authorization.
Scope of the Audit
The scope of the RBI Payment System Audit consists of evaluation of the:
- Structure of the hardware
- Critical Applications
- Operating Systems
- Implemented security measures and controls
- Access controls in key applications, and disaster recovery plans
- Training of personnel managing systems and applications
Key Requirements for RBI PSS Compliance
- All payment systems authorized under the Payment and Settlement Systems Act 2007 must have their systems audited periodically
- Every system provider shall operate the payment system in accordance with the provisions of the PSS Act and the rules and regulations that govern the operation of the payment system
- The system providers shall disclose the terms and conditions, including the charges and limitations of liability to their existing or potential system participants
- To ensure the safety of the customers, the audit should ensure that the technology deployed for the operation of the payment system is working in a safe, secure and efficient manner in accordance with the approved process flow
- The evaluation of hardware structure, operating systems, and critical applications should fall within the scope of system audits
- The system providers are required to act in accordance with the contract governing the relationship between the system participants and with the rules and regulations that govern the operation of the payment system
- The audit should also cover the security and controls in place, access controls in key applications, a proper disaster recovery plan, and training of personnel managing systems and applications, among other things
What We Deliver?
Xiarch offers an Information Security (IS) audit service that specifically addresses the RBI requirements for Information System (IS) Audits. To ensure compliance with the RBI IS Audit guidelines, our process incorporates the scoping guidelines from the Reserve Bank of India.
Our experts will furnish a detailed security assessment report with appropriate remediation steps to be taken.
Identify security weaknesses in your digital assets, allowing you to proactively remediate any issues that emerge and improve your security posture.
Constantly updated vulnerability information to keep pace with the emerging threat landscape.
Receive overview and trend data for all of the current security issues you face in your organisation, all viewable in a digital report.
We also assure you that your assessments are executed by qualified experts.
Our group of security specialists holds industry certifications such as CHECK Team Member and Team Leader, CEH, ECSA, OSCP, CISA, CISSP, and many more.
Why Xiarch?
Xiarch is a CERT-IN Empanelled and ISO 9001:2015 | ISO 27001:2013 certified cyber security and IT services company, providing information security solutions such as VAPT Services, Penetration Testing Services, and Vulnerability Assessment Services. Among our customers, we proudly work for Government Organizations, Fortune 1000 companies and countless start-up companies. We are additionally Value Added Partners, Authorized Re-sellers and Distributors of leading Web Application Security Testing Tools.
We are headquartered in Delhi and have a branch presence in Gurugram, Mumbai and Chennai, India.
Get In Touch With Us
Test the effectiveness of your own security controls before malicious parties do it for you. Our security experts are here to help — schedule a call today.
Xiarch Security is a global security firm that educates clients, identifies security risks, informs intelligent business decisions, and enables you to reduce your attack surface digitally, physically and socially.
Certified Security Experts
Our security experts are exceptionally qualified and hold certifications such as CEH, ECSA, OSCP, CISA, CISSP, and numerous others.
Communication & Collaboration
After reviewing the code, our specialists share the best ways to correct the issues found. Our experts will communicate with you about any further implementation.
We hold industry-leading certifications and dedicate part of every day to researching the latest exploit techniques to ensure our clients remain protected from evolving online attacks.
Free Remediation Testing
Once your team addresses remediation recommendations, Xiarch will schedule your retest at no additional charge.