Additional Safety Features – UPI - ‘Balance Enquiry’ option may not be visible in Google TeZ or PhonePe

-


          Do not be surprised, if the ‘Balance Enquiry’ option is not visible in Google TeZ or PhonePe


          The popularity of UPI is growing by leaps and bounds. The number of high-profile internet companies in line to enter the UPI bandwagon is high.

          This has prompted National Payments Corporation of India (NPCI) to take steps to safeguard sensitive customer’s financial information.

          NPCI vide its Cir No. NPCI/UPI/OC No. 44/2017-18 dt. January 11th 2018, has reiterated two important guidelines.

          Guideline 01) Balance Inquiry in UPI – Optional for PSP & 3rd party UPI enabled App.

          Guideline 02)  No storage or usage of Customer Account Balance by PSP Bank or 3rd party as ‘Customer Sensitive payment data’.

NPCI vide the above circular has made it clear that the  Security & integrity of customer data in the UPI framework is the responsibility of the PSP/Bank (Even in cases where the Bank/PSP & the outsourced technology service providers are different entities). Hence, respective banks have been advised to due diligence of their outsourced technology service provider as they are dealing with sensitive customer data.

NPCI has advised banks to refer to the following UPI circulars with regard to data storage, security and usage by the PSP/3rd party Apps:

Sr. UPI Circular # reference: Quote 1 NCI/UPI/OC No. 15/2016-17 Dated: 18th of January 2017
Point 6.c).h The PSP Bank should not share any customer data with merchant unless specified by industry regulator for e.g. SEBI, IRDA for brokers, mutual funds and Insurance.

2 NCI/UPI/OC No. 15A/2016-17 Dated: 27th of January 2017
Point 10 PSP Bank is not sharing any customer data with the merchant/P2P provider unless specified by industry regulator. E.g. SEBI, IRDA etc. (permitted only for specific regulated merchants). No authentication data shared outside PSP Bank.

3 NCI/UPI/OC No. 32/2017-18 Dated: 15th of September 2017
Point A. (Sub pint 2) & NCI/UPI/OC No. 15A/2017-18 Dated: 15th of September 2017
Sub point b) Storing customer data by app provider systems in Multi-bank model: We classify the data into two types, namely “Customer data” and “Customer payment sensitive data”:

2. Customer payment sensitive data:
Classified as customer account details (such as Account number) customer payment authenticationdata (such as device fingerprinting) required for authentication as first factor. This data can be only stored in PSP bank systems. Some of the data like account number can be shown in masked format to the customer on the app as per existing UPI PG.

Last 6 digits of the Debit Card, Expiry date of the debit card, UPI PIN, Issuer OTP should not be stored.

The ‘Balance enquiry’ feature to be moved from Default feature to Optional feature.

       The primary reason for this advise, is to ensure that ‘customers’ balance’, is stored only in the respective Bank’s database and not in any 3rd party database.

Further to the above the PSP Banks, Large 3rd party App providers under the Multi bank model and the 3rd party Apps/merchants under the Single SDK model may please note the following guidelines for compliance:

Customer account Balance is classified as customer sensitive data and accordingly, the following is being advised:

a. PSP Banks, Large 3rd party players, 3rd party Apps under Single SDK model shall provide Balance Inquiry option to the customer as an “optional feature” basis their internal risk assessment.


b. Customer account balance shall not be stored or put to any use by either the PSP Bank or 3 rd party for any purposes (Internal or external). The storage of customer account balance is not permitted even in encrypted format at the PSP & 3rd party systems / Apps.

Comments

Post a Comment

Popular posts from this blog

CERTIFICATE EXAMINATION IN INTERNATIONAL TRADE FINANCE

-
Image
          This certification is essential for all members of a Bank Trade Finance Department.   The syllabus covers key aspects required by team members to effectively discharge their duties. Trade Finance is one of the traditional forms of bank finance in India. In view of reforms and liberalisation, this has gained a new significance.   Many of the practices in trade finance have evolved over a period of time and some are guided by Ministry of Commerce and Reserve Bank of India, besides WTO and International Chamber of Commerce through UCPDC 600. With the increase in the volume of trade both domestically and internationally, there is a need for trade finance professionals from banks as well as corporates. The Objectives of this IIBF Examination is as under:   (i) To provide candidates with competencies required to function as trade finance practitioners. (ii) To enable candidates to possess the needed skill and knowledge to understand clients' needs
Read more

IIBF-Certificate Examination in Foreign Exchange Facilities for Individuals

-
          The primary objective this IIBF course is to make the branch officials familiar with the FEMA provisions that impact their day to day functioning at the branch level.     This exam is being introduced pursuant to the recommendation of a committee of RBI.           Normally foreign exchange transactions pertaining to individuals are handled at branches only and are not referred to specialised forex cells.           The course covers ‘Foreign Exchange Facilities for individuals under FEMA1999’ RBIs FAQs’ on Forex Facilities for Residents (Individuals) (updated up to November 21, 2014) For full details refer to Reserve Bank of India website: Introduction : The legal framework for administration of foreign exchange transactions in India is provided by the Foreign Exchange Management Act, 1999. Under the Foreign Exchange Management Act, 1999 (FEMA), which came into force with effect from June 1, 2000, all transactions involving forei
Read more

IIBF introduces Self-Paced E-learning courses (SPeL) for its two certificates

-
Image
          Indian Institute of Banking Finance (IIBF) has taken a quantum leap in disseminating knowledge to its members and non-members.           IIBF in April 2019, introduced the Self-Paced E-learning courses (SPeL) concept for banking enthusiasts to be familiar with banking concepts.           In the first stage, IIBF has launched   two certificate courses i.e 1. Digital Banking and 2. Ethics in Banking.           The objective of this self-paced e-learning mode are as follows: • Participants can make the best use of his or her time, in order to meet his or her learning objectives. • Participants can access the course   anywhere/anytime with an internet connection. • Participants need not travel to give their examinations. It saves time and money of the participants. • Opportunity to individuals to obtain new certifications; improve their knowledge in the subject. • With self-paced learning, subjects can be thought in different learning styles. Part
Read more