English Hindi



RBI new rules for Digital Transactions – RBI tightens digital payment security norms for lenders

RBI new rules for Digital Transactions – RBI tightens digital payment security norms for lenders


  • GS 3 || Economy || Banking & Financial Sector || Commercial Banking

Why in the news?

The Reserve Bank of India (RBI) has unveiled the master direction on digital payment security controls directives. These directives would exercise greater control over the digital payment transactions.

What is ‘Digital Transaction’?

Any transaction which is done through online means such as credit and debit cards, various mobile payment modes like Unified Payment Systems (UPI), internet banking, etc. is called digital transaction. The digital transactions fully exclude the requirement of physical cash and currency.

Potential of Digital transactions in India:

  • According to the RBI estimates, Payments through digital modes are expected to jump to 1.5 billion transactions, worth Rs 15 trillion a day in next five years.
  • The daily transactions average at about 100 million now for a volume of Rs 5 trillion.
  • Just before the Covid outbreak, the daily transactions were averaging around 125 million a day, which is more than five times the volume digital transactions witnessed in 2016 June.
  • In India, digital transactions have the potential to reach 30-40 per cent of the gross domestic product (GDP).

Characteristic of digital transactions in India:

  • Unprecedented growth in digital transactions: In 2018, the Bank for International Settlements (BIS) ranked India seventh among the 24 countries where it tracks digital payments. Around 67 million payments were processed per day in India in 2018-19 which is about one-eighth of China and one-seventh of the US. This marked an eight-fold growth in just six years: only China had a better growth rate.
  • Booming Start-ups in Fintech sector: India ranks third in a global list of 250 most promising fintech companies with 20 Finch start-ups within the top 250 promising finch entities
  • Investments and innovations: The rapid growth rate of digital transactions has also helped in investments and innovation. Start-ups in the sector are looking for innovations in retail, real estate, insurance, and wealth management. Even legacy banks are investing in various segments: wallets, digital lending, payment services, savings and wealth management, remittances, point of sale products and services, and insurance and real estate.

Issues with Digital transactions in India:

  • Low per capita digital transactions: According to the latest data available with BIS, India was ranked last in per capita penetration and frequency of use, with just 18 digital transactions per person per year. This was less than half of Saudi Arabia (38) and Mexico (40). Though digital payments have shot up since 2018, India is far from the likes of China (142), the US (495), and Singapore (831).
  • Low penetration of debit and credit cards: Only about 33% of India’s population above 15 years owns a debit card, against 92% in Singapore, 87% in Japan, and 67% in China, according to the World Bank.
  • Lack of infrastructure for settling real-time transactions: Of the 24 countries the BIS tracks, only nine have infrastructure to settle transactions in real time. In 2020, around 95% of China’s digital transactions were classified as real-time settlements. For India, that figure was 29% in volume terms and 7% in value terms.
  • Lack of credible regulations: Insofar, the RBI failed to bring in any credible comprehensive regulatory regime for the fintech sector. Recently, it has unveiled a more comprehensive regulatory code “Master direction on digital payment security controls directives” to foster an efficient regulatory regime for digital transactions.
  • High Merchant Discount Rate (MDR): RBI has stated many times that it is unlikely that digital payments can be facilitated without merchant discount rates (MDR) that the payments services providers charge per transaction. The central bank has in the past severely restricted the MDR, severely affecting profitability of fintech and payments services providers in the space.

Comparison with China:

  • China is a leader in digital payments, and India has been an able follower.
  • India registers about one-eighth the transactions that China does, but it matches China on growth.

Why greater regulation on digital transactions are needed?

  • Phenomenal increase in the volume of digital transactions: During the Covid-19 pandemic, the number of digital transactions has skyrocketed with the amount transacted via UPI doubling in January 2021, at Rs 4.3 lakh crore, from lasts year’s Rs 2.1 lakh crores. This calls for fortifying cybersecurity in the country.
  • Increasing cyber crimes: A 2020 report from Cybersecurity Ventures estimates damage from cybercrime at $6 trillion by the end of this year, with the intensity of cyberattacks sharply up from one every 11 seconds in 2021 versus one every 40 seconds in 2016.
  • Prevalence of digital illiteracy: With the rapidly expanding reach of mobile and UPI based digital transactions, the abysmal level of digital literacy among masses is a major .
  • Level-playing field: In absence of sound regulatory provisions, there may be scope for uneven fields for different Fin-tech. players Thus to ensure a level playing field for all finch players, RBI needs to bring in a comprehensive, fair and transparent regulatory regime.

Salient provisions of the ‘Master direction on digital payment security controls directives-2021’:

  • Regular assessment of finch apps: The new rules require regulated entities (REs)—scheduled commercial banks, small finance banks, payments banks and credit-card-issuing NBFCs—to conduct periodic assessment of apps. REs would be required to conduct source-code checks, vulnerability testing and penetration testing every six months for payment systems.
  • Comprehensive assessment of third parties services: The new rules also require REs to assess associated third-party services through which they are providing services. They will also be subject to penal provisions in case of no compliance.
  • Parameters based Security risks assessment : REs will have to assess cyber-risk based on defined parameters like technology stack, operational risk, data storage, etc. Compatibility and interoperability are also parameters that need to be incorporated into risk assessment
  • Emphasis on Capacity development: The rules require REs to have their own trained resources for managing cyber-risk though RBI has also promised to come up with guidelines on engaging third-party operators, for REs wishing to outsource such functions.
  • Time-bound framework for grievances redressal: The new guidelines also mandate REs to set up a near-real-time conciliation mechanism (24-hour settlement) along with a robust grievance redressal system that can process requests faster.
  • Setting highest security standards: The rules lay down methods for multi-factor authentication and more secure internet-banking services, requiring REs to follow the highest security standard protocols.
  • Future prospects of testing ecosystems: A testing and certification ecosystem has also been talked about, comprising registered firms and individuals to carry out security testing and audits.

Way forward:

  • An ideal solution to develop payments services would be to create a benchmark for everybody to follow and not to discriminate between banks and non-banks.
  • Fintech companies should also be allowed to do more business with greater flexibility and the RBI should focus on safeguarding the interests of the customers.
  • The fintech companies can also be allowed to issue credit cards by the RBI. They have been demanding this for so long.
  • Since fintech companies will now be comprehensively regulated by the RBI, there is no reason why RBI should not let the fintech introduce more products.

Model Mains Question:

  1. Discuss the need to bring in a more comprehensive regulatory regime for the Fintech sector in India. Enumerate the salient provisions of the recently launched master directives on digital transactions by the RBI.