RBI PPI Technical Security Audit Compliance in Cloud

Cashless transactions are a revolution today. The way payments are made and accepted has undergone a huge transformation. To satisfy the needs of end-users many new payment methods are being evolved.

At the same time, this evolution is followed by the threat of sensitive payment data getting exposed to hackers. To act against threats on sensitive data, RBI has framed a set of guidelines for the security of end-user payment data.

For the utmost cybersecurity, RBI has formulated a body named “Board for Regulation and Supervision of Payment and Settlements Regulation, 2008” that came up with “Master Direction of Issuance and Operation of Prepaid Payment Instruments”, popularly known as RBI PPI in 2017.

RBI PPI defines a set of requirements that are to be followed by the Payment Instrument service providers for better user security. The requirements cover right from the secure and efficient maintenance of the Payment Instruments and disclosing the terms and conditions to existing participants to the rules and regulations that deal with the operation of Payment Instruments.

To give a broader understanding of the RBI PPI security requirements applicability to an organization’s IT infrastructure that includes all networks, servers, etc. SISA in association with Amazon Web Services (AWS), has come up with a white paper that discusses the benefits of hosting PPI workload on a cloud platform for better business growth and RBI PPI compliance.

As security is always a shared responsibility, where there should be an equal role to both a customer and a service provider, the white paper also explains the roles and responsibilities to be distributed between both.

For an easy understanding and CSP perspective, the mapping of responsibilities as per RBI PPI requirements is done between AWS and the customer.

Download the white paper to read in detail.