(a) and (b) : Yes, Sir.
1. Government and RBI have taken various steps to strengthen the Digital payment Infrastructure and Grievance redressal mechanisms as mentioned in Annexure.
2. Grievance Redressal Mechanism Guidelines, released by RBI for banks (Circular number DBR No.Leg.BC. 21/09.07.006/2015-16 dated July 1, 2015) are available at the below given RBI website link:
https://rbidocs.rbi.org.in/rdocs/notification/PDFs/59FM04072F58B1DD44DFADD486B9B0A59E9D.PDF
3. The Banking Ombudsman Scheme, released by RBI is available at the below given RBI website link:
https://rbidocs.rbi.org.in/rdocs/Content/PDFs/BOS2006_2302017.pdf
4. On Grievance Redressal of complaints related to Digital payments, NPCI has set up a call center for redressing the complaints related to digital payments using BHIM app. Banks have helplines for the redressal of complaints.
(c),(d) and (e): Yes, Sir. Government has launched time bound initiatives to promote digital payments, as follows:
• Government has targeted to achieve target of 2,500 crore digital transactions for 2017-18 using all digital payment modes.
• The Government vide Cabinet Secretariat Notification No.1/21/1/2017.Cab dated 15-2-2017 has amended the Allocation of Business Rules, 1961 and Ministry of Electronics and Information Technology (MeitY) has been assigned the responsibility of “Promotion of Digital Transactions including Digital Payments”. For promotion of digital payments, DigiDhan mission has been set up at Ministry of Electronics and IT (MeitY).
• MeitY is working with multiple stakeholders including Banks, Central Ministries/Departments and States on various strategies and taking all necessary measures for providing the enabling eco-system to support digital payments across the country.
• For promotion of digital payments, Government has launched three incentive schemes, valid till 31st March, 2018, pertaining to promotion of digital payments using BHIM app and Platform. Scheme notifications are available at the below mentioned links:
http://meity.gov.in/incentivepromotional-schemes
• For promotion of digital payments, Government has taken the decision to absorb MDR charges of transactions using Debit cards, BHIM-UPI and AePS (BHIM Aadhaar Pay) from 1st January, 2018 to 31st December, 2019.
• The details of departments/establishment provided with digital payments are available on the respective portals.
*******
Annexure
It has been the endeavour of Government and Reserve Bank of India to promote digital transactions and electronic payments / fund transfers. To this end various policy measures have been initiated by Reserve Bank of India to set up different payment systems to meet the payment needs of different segment of users and also to ensure safety and security of transactions..
I. Measures / Recent initiatives by Reserve Bank of India:
Reserve Bank of India has enabled electronic payments through Unified Payment Interface (UPI), Unstructured Supplementary Service Data (USSD), BHIM (Bharat Interface for Money) & BHIM Aadhaar Pay etc. Department of Payment and Settlement Systems, Reserve Bank of India (RBI) has given approval to (National Payment Corporation of India) NPCI for launching & operation of following Payment Systems:
1. Unified Payment Interface (UPI) –
RBI has given approval to NPCI to go-live for UPI on August 24, 2016. UPI enables inter-operability among mobile banking applications of different banks, facilitates merchant pull payments besides offering convenience to customers to transact using the UPI app of any bank while the accounts may be maintained at the different bank.
2. UPI: Launching of Common App (BHIM) from NPCI for members–
NPCI has been accorded approval by DPSS on Dec.22, 2016. Some of its salient features are as follows:
? It is a common standardized app available on Android and iOS platform with minimum functionality (basic facilities, viz. send and receive money) in 13 languages (Assamese, Bengali, English, Gujarati, Hindi, Kannada, Malayalam, Marathi, Punjabi, Tamil, Telugu, Odia and Urdu).
? The common app will connect to the existing UPI platform for processing the transactions.
? Customers will be on-boarded using 2-factor authentication done by customer’s bank. App will allow customers to register their mobile number and get mobile-no@UPI, i.e., a common handle @UPI.
? BHIM supports remittance transactions – both push and collect.
? Transactions in UPI and BHIM systems have to be authenticated with a PIN / MPIN which is set by the customer.
These systems also have the facility to set transaction limits and appropriate velocity checks.
3. Revised Architecture of Unified USSD Platform (*99#) i.e. USSD 2.0
NPCI has been accorded approval by RBI on Dec.28, 2016 to introduce the USSD 2.0 version. This also integrates UPI based transactions for USSD users through any type of handset.
The salient features of the USSD 2.0 Version are as follows-
? It integrates UPI based transactions for USSD users through any type of handset.
? Through this integrated platform USSD merchant / customer can receive money by giving his mobile number to another USSD merchant / customer.
? Every customer on-boarded on USSD will by default, get UPI handle as mobile no@UPI to send and receive money from UPI smartphone merchant or customer.
? USSD 2.0 platform will have ability to remember customer’s bank and customer has option to change his bank.
? The existing limit of Rs.5000/ per transaction / per day will remain unchanged.
? The settlement will be done in the by UPI.
4. Aadhaar Pay – In Principle Approval
NPCI has been accorded in-principle approval by RBI for launch of Pilot for the Aadhaar Pay payment mechanism. This will enable the merchant to accept payments from customers using their Aadhaar number and biometric data which will be authenticated by the UIDAI. The transactions will be part of the existing Aadhaar Enabled Payment System (AEPS) which is operated by the NPCI with approval from RBI. BHIM Aadhaar Pay has been launched on April 14, 2017.
5. National Electronic Toll Collection (NETC)
NPCI has also been given in-principle approval for launching the NETC system which uses the RFID tags for vehicle identification and toll calculation; the toll will be automatically deducted from the prepaid accounts linked with the respective RFID tag.
6. Master Direction on Issue and Operation of Prepaid Payment Instruments - Department of Payment and Settlement Systems, Reserve Bank of India has issued Master Directions on Issuance and Operation of Prepaid Payment Instruments on October 11, 2017.
Master Direction has been issued in the light of developments in the field, progress made by PPI Issuers, experience gained and with a view to foster innovation and competition, ensure safety and security, customer protection, etc.
II. Instructions on Risk and Mitigation Measures issued by Department of Payment and Settlement Systems, Reserve Bank of India are as follows-
Department of Payment & Settlement Systems, Reserve Bank of India has issued instructions to banks and Payment System Operators to enhance the security and risk mitigation measures for (a) card transactions ( includes card based online transactions) and (b) electronic payment transactions (includes e-banking transactions). The details of the instructions issued are enumerated below:
1. Banks have been advised to provide online alerts for all card transactions (card present and card not present), vide, RBI circular dated February 18, 2009 and March 29, 2011 (copy enclosed).
2. Banks have been advised, vide, circular February 18, 2009 and December 31, 2010 (copy enclosed) to put in place a system of providing additional factor of authentication (2FA) for all card not present transactions using the information which is not available on the card.
3. Department of Payment & Settlement Systems, Reserve Bank of India also issued circulars dated February 28, 2013 and June 24, 2013 (copy enclosed) for securing electronic (online and e-banking) transactions advising banks to introduce additional security measures, as under:
i. Customer induced options may be provided for fixing a cap on the value / mode of transactions/beneficiaries. In the event of customer wanting to exceed the cap, an additional authorization may be insisted upon.
ii. Limit on the number of beneficiaries that may be added in a day per account could be considered.
iii. A system of alert may be introduced when a beneficiary is added.
iv. Banks may put in place mechanism for velocity check on the number of transactions effected per day/ per beneficiary and any suspicious operations should be subjected to alert within the bank and to the customer.
v. Introduction of additional factor of authentication (preferably dynamic in nature) for such payment transactions should be considered.
vi. Sub-membership of banks to the centralised payment systems has made it possible for the customers of such sub-members to reap the benefits of the same. Banks accepting sub-members should ensure that the security measures put in place by the sub members are on par with the standards followed by them so as to ensure the safety and mitigate the reputation risk.
vii. Banks may explore the feasibility of implementing new technologies like adaptive authentication, etc. for fraud detection.
III. National Electronic Fund Transfers – Starting July 10, 2017, banks (vide circular DPSS.CO.EPPD.No. 2612/04.03.01/2016-17 dated May 08,2017) have been instructed to put in place a system for half hourly settlements of NEFT to enhance the efficiency of the system adding to customer convenience. It will take the total number of half hourly settlements during the day to 23.
IV. Customer Grievance Redressal –Given the customer centric focus of payment systems developments in the country, the policy guidelines, instructions etc. also address the customer grievance redressal aspects of these systems. Some of the recent measures includes the Prepaid Payment instruments (PPI ) where in Para 16 of the Master Direction deals with “Customer Protection & Grievance Redressal frame work to be put in place by PPI Issuers. Copy of PPI Master Direction is enclosed.
Further the various payment systems operated by NPCI with the approval of RBI also have the necessary feature of dispute resolution mechanism arising from customer grievances.
V. 1. For Non-Bank Entities operating Payment Systems in India, in order to ensure that the technology deployed to operate the payment system/s authorised is/are being operated in a safe, secure, sound and efficient manner, RBI has, vide circulars DPSS.AD.No.1206 / 02.27.00 / 2009-2010 dated December 7, 2009 and DPSS.1444 / 06.11.001 / 2010-2011 dated December 27, 2010 which was subsequently amended vide circular DPSS.CO.OSD.No.2374 / 06.11.001 / 2010-2011 dated April 15, 2011 (copy is available on https: // www .rbi. org. in / scripts / FS_Notification. aspx?Id = 6344&fn=9&Mode=0), mandated System Audit to be done on an annual basis by Certified Information Systems Auditor (CISA), registered with Information Systems Audit and Control Association (ISACA) or by a holder of a Diploma in Information System Audit (DISA) qualification of the Institute of Chartered Accountants of India (ICAI). Further, the scope of the System Audit should include evaluation of the hardware structure, operating systems and critical applications, security and controls in place, including access controls on key applications, disaster recovery plans, training of personnel managing systems and applications, documentation, etc. The audit should also comment on the deviations, if any, in the processes followed from the process flow submitted to the Reserve Bank while seeking authorization.
2. Further, with a view to address the issue of cyber resilience, RBI had, vide circular DPSS.CO.OSD.No.1485/06.08.005/2016-17 dated December 9, 2016 (copy is available on https : // www .rbi. org. in / scripts / FS_Notification .aspx?Id= 10772& fn =9&Mode=0), instructed all authorised entities / banks issuing PPIs in the country to:
(i) Carry out a special audit by the empanelled auditors of Indian Computer Emergency Response Team (CERT-In) on a priority basis and take immediate steps thereafter to comply with the findings of the audit report. The audit should cover compliance as per security best practices, specifically the application security lifecycle and patch/vulnerability and change management aspects for the system authorised and adherence to the process flow approved by the Reserve Bank. Banks may also be guided by the circular DBS.CO/CSITE/BC.11/33.01.001/2015-16 on Cyber Security Framework in Banks dated June 02, 2016.
(ii) Take appropriate measures on mitigating phishing attacks considering that the new customers are likely to be first time users of the digital channels. Safety and security best practices may be disseminated to the customers periodically.
(iii) Implement additional measures dynamically depending upon the risk perception or threats as they emerge.
3. An Inter-Ministerial Committee on Phone Frauds (IMCPF) has also been constituted by the Government of India to assess various aspects of dealing with phone frauds. The Committee is headed by Shri T. V. S. N. Prasad, Additional Secretary, Ministry of Home Affairs with representatives from Ministry of Electronics & IT, Department of Financial Services, Department of Telecommunications, Intelligence Bureau and Reserve Bank of India.
*******
Download PDF Files
