The Reserve Bank of India has proposed stricter norms regarding payment security, imposing more responsibility on banks and other related entities for apps provided by third parties. In a new directive on digital payments security control, it has required banks that use third-party apps for digital transactions to have the apps’ source code in escrow should the vendor be unable to provide services. It further require banks to do security testing, including review of source code, vulnerability assessment and penetration testing of their digital payment apps
Another requirement is that banks and other regulated entities do reconciliation of payments in real time or near real time, which should not be later than 24 hours from the receipt of settlement files for detection and prevention of suspicious transactions. The new directions apply to all commercial banks, small finance banks, payment banks and credit card-issuing non-banking financial companies (NBFCs).