February 8, 2014

RBI released draft Report on Enabling PKI in Payment System Applications

public-key-infrastructure2

A draft technical report on making payment system effective was released by Reserve Bank of India on 7 February 2014.
RBI in its report of the Technical Committee on Enabling Public Key Infrastructure (PKI) in Payment System Applications said that the objective of an effective payment system is to ensure a safe, secure, efficient, robust and sound payment system in the country.
RBI has kept the report open for public comment and suggestions till 28 February 2014. Public Key Infrastructure enabled electronic payment systems that has been introduced by the RBI are
• RTGS
• NEFT
• CBLO
• FOREX Clearing
• Government Securities Clearing
• Cheque Truncation System (CTS)
The RBI report said that in the year 2012-13 the non-PKI enabled payment system like clearing of MICR/Non MICR, electronic credit system, credit card and debit cards contributed to 75 percent, which in value terms is only 6.3 percent. It also mentioned that the payment systems enabled on non-PKI, MICR clearing and non-MICR clearing contributed to 37 percent and 10 percent in volume terms and 69 percent and 25 percent in value terms.
The report in its highlights has also included security features in existing payment system applications and feasibility in implementing PKI in all payments system applications. The Group has also recommended that banks may carry out in phases PKI implementation for authentication and transaction verification.The report has also mentioned that the issuing banks will also have to convert the older credit or debit cards with the magstripe into EVM chip and pin-enabled ones.
The systems of payment are subjected to various financial risks like
• Credit risk
• Liquidity risk
• Systemic risk
• Operational risk
• Legal risk
The need to recognise the security and safety to be robust was needed following the increase in the adoption of electronic payment products and delivery channels for transactional needs. The Reserve Bank of India had, in September 2013, constituted a group to prepare an approach paper for enabling PKI for Payment Systems in India. The members of the constituted group were from banks (State Bank of India and ICICI bank), Institute for Development and Research in Banking Technology-Certifying Authority (IDRBT-CA), Controller of Certifying Authority (CCA), New Delhi and Reserve Bank of India [(Department of Technology (DIT), Department of Payment and Settlement Systems (DPSS), Department of Government and Bank Accounts (DGBA) – Core Banking Solution (CBS) and Chief Information Security Officer (CISO).
About Reserve Bank of India
The Reserve Bank of India was established on 1 April 1935 in accordance with the provisions of the Reserve Bank of India Act, 1934. Its central office in the year was established in Calcutta, which was shifted to Mumbai in 1937. The Governor of India sits in the head office of RBI in Mumbai, where the policies of the bank are also formulated. Government of India owns RBI since 1949, before it was privately owned institution.