Technical Audit of Payment & Settlement Systems (PSS)

As people increasingly turn to cashless transactions, concerns over the security of customers’ data and over the responsibility of the service providers that facilitate such transactions have increased considerably. Keeping in mind the interest of the public and the risks people expose themselves to when using virtual transaction methods, the Reserve Bank of India has laid down a framework for payment system providers so that customers can rely on proper and risk-free transaction methods.
The Reserve Bank of India (RBI) is responsible for controlling the banking payment and settlement system in India under the Payment and Settlement Systems Act 2007. Accordingly, RBI provides a certificate of authorization to any company setting up and operating a payment system in India. To remain authorized, a payment company must comply with the stipulated RBI requirements, which ensure that the technology deployed to operate the payment system is safe, secure and efficient, and follows the approved process flow. An RBI PSS audit evaluates security and controls, hardware, operating systems, applications, access controls, and disaster recovery, among other aspects.
The systems included under this procedure are Electronic Clearing Service Credit, Electronic Clearing Service Debit, Electronic Funds Transfer, Regional Electronic Clearing Service, Real-Time Gross Settlement System, Pre-paid Payments System, and Mobile Banking System.
Key Requirements:
- All payment systems authorized under the Payment and Settlement Systems Act 2007 must have their systems audited periodically
- Every system provider shall operate the payment system in accordance with the provisions of the PSS Act and the rules and regulations which deal with the operation of the payment system
- The system providers shall disclose the terms and conditions, including the charges and limitations of liability, to their existing or potential system participants
- To protect customers, the audit should verify that the technology deployed for the operation of the payment system is working in a safe, secure and efficient manner in accordance with the approved process flow
- The evaluation of hardware, structure, operating systems, and critical applications should be included in the scope of system audits
- The system providers are required to act in accordance with the contract governing the relationship between the system participants and the rules and regulations which deal with the operation of the payment system
The services should also cover the security measures and controls to be put in place, increased access controls in key applications, a proper disaster recovery plan, and training of the personnel managing systems and applications, among other things.