Money & Banking

‘REs should incorporate secure, safe usage guidelines for digital payments’

Our Bureau. Mumbai | Updated on February 18, 2021

The Reserve Bank of India (RBI) wants regulated entities (REs) to make it mandatory for the consumer to go through secure usage guidelines vis-a-vis digital payment applications.

REs (all Scheduled Commercial Banks,excluding Regional Rural Banks/ Small Finance Banks/Payments Banks/ Credit Card issuing non-banking finance companies) should incorporate secure, safe and responsible usage guidelines and training materials for end users within the digital payment applications, the central bank said.

The regulated entities should also make it mandatory (that is not providing any option to circumvent/ avoid the material) for the consumer to go through secure usage guidelines (even in the consumer’s preferred language), per the RBI’s ‘Master Direction on Digital Payment Security Controls’.

The aforementioned step needs to be taken while obtaining and recording confirmation during the on-boarding procedure in the first instance and first use after each update of the digital payment application or after major updates to secure and safe usage guidelines.

Consumer grievances

The RBI asked REs to mention/ incorporate a section on the digital payment application clearly specifying the process and procedure (with forms/ contact information) to lodge consumer grievances. A mechanism to keep this information periodically updated should also be put in place. The reporting facility on the application should provide an option for registering a grievance.

The RBI wants customer dispute handling, reporting and resolution procedures, including the expected timelines for the RE’s response, to be clearly defined.

REs have to ensure that their customers are provided information about the risks, benefits and liabilities of using digital payment products and its related services before they subscribe to them.

“Customers shall also be informed clearly and precisely on their rights, obligations and responsibilities on matters relating to digital payments, and, any problems that may arise from its service unavailability, processing errors and security breaches.

“The terms and conditions, including customer privacy and security policy applying to digital payment products and services, shall be readily available to customers within the product,” according to the Master Directions

The RBI underscored that all digital channels are to be offered on express willingness of customers and shall not be bundled without their knowledge.

Fraudulent transactions

REs are required to provide a mechanism on their mobile and internet banking application for their customers to, with necessary authentication, identify/ mark a transaction as fraudulent for seamless and immediate notification to his RE.

On such notification by the customer, the REs may endeavour to build the capability for seamless/ instant reporting of fraudulent transactions to the corresponding beneficiary/ counterparty’s RE; vice-versa have mechanism to receive such fraudulent transactions reported from other REs.

The objective of this mechanism is to accelerate early detection and enable the banking/ payment system to trace the transaction trail and mitigate the loss to the defrauded customer at the earliest possible time.

RBI said the alerts and OTPs received by the customer for online transactions shall identify the merchant name, wherever applicable, rather than the payment aggregator through which the transaction was effected.

Per the Directions, REs should set down the maximum number of failed log-in or authentication attempts, after which access to the digital payment product/ service is blocked.

They should have a secure procedure in place to re-activate the access to blocked product/ service. The customer shall be notified for failed log-in or authentication attempts.

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on February 18, 2021
  1. Comments will be moderated by The Hindu Business Line editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.