RBI releases Report: Enabling PKI in Payment System
The Reserve Bank of India has today released, on its website for public comments, the Report of the Technical Committee on Enabling Public Key Infrastructure (PKI) in Payment System Applications. The comments may be emailed or sent by post to the Chief General Manager-In-Charge, Department of Information Technology, Reserve Bank of India, Central Office, 14th Floor, Shahid Bhagat Singh Marg, Mumbai–400001 on or before February 28, 2014.
Cognisant of the fact that non-PKI enabled payment systems, such as clearing (MICR/Non MICR), electronic credit system, credit cards and debit cards, contributed 75 per cent in volume terms but only 6.3 per cent in value terms in the year 2012-13, the Group has suggested that, in order to ensure a safe and secure payment system in the country and to ensure legal compliance, digital technology such as PKI may be used.
The report also highlights, among other things, the security features in existing payment system applications and the feasibility of implementing PKI in all payment system applications. The Group has also recommended that banks may implement PKI in phases for authentication and transaction verification.
Payment systems are subject to various financial risks, such as credit risk, liquidity risk, systemic risk, operational risk and legal risk. As customers increasingly adopt electronic payment products and delivery channels for their transactional needs, it is necessary to recognise that security and safety have to be robust. Any security-related issue resulting in fraud has the potential to undermine public confidence in electronic payment products, which will impact their usage. Necessary measures to strengthen security have to be taken, as such attacks are growing in scale and sophistication. Against this background, the Reserve Bank of India had, in September 2013, constituted a group to prepare an approach paper for enabling PKI for Payment Systems in India, comprising members from banks (State Bank of India and ICICI Bank), Institute for Development and Research in Banking Technology-Certifying Authority (IDRBT-CA), Controller of Certifying Authority (CCA), New Delhi, and Reserve Bank of India [Department of Technology (DIT), Department of Payment and Settlement Systems (DPSS), Department of Government and Bank Accounts (DGBA) - Core Banking Solution (CBS) and Chief Information Security Officer (CISO)].