With increasing cybersecurity violations, the Reserve Bank of India (RBI) has tightened its supervision requirements for payment firms that store consumer data.
A report in the Economic Times stated that all authorised payment system operators (PSOs) will be required to send comprehensive compliance certificates to the central bank twice a year, beginning April 1, 2021. These compliance certificates will have to be signed by the CEOs or managing directors of the PSOs, confirming adherence to all RBI regulations around security and storage of payment data.
The RBI has recommended that these certificates be submitted on April 30 and October 31 every year for the periods ending March 31 and September 30, respectively. These conditions are in addition to those imposed by the RBI in April 2018, when it required all PSOs to request an annual System Audit Report (SAR) by CERT-empaneled auditors that were approved by the board.
By December 2018, the payment companies were required to file a one-time compliance report on data localisation norms, which required that data relating to payments in India be maintained on a server physically located in the region.
On Tuesday (March 30), independent cybersecurity researchers claimed that a database containing sensitive details of 35 lakh users of fintech start-up MobiKwik was up for sale online on a hacker forum on March 29. However, the Gurugram-based digital wallet and payments company denied the breach.
According to a report by Technadu, the entire database can be bought for a price of 1.5 Bitcoin (around $85,000), which includes having the dark web portal taken offline and keeping everything exclusive.
Apart from this, grocery e-tailer Big Basket, educational technology platform Unacademy, and payment aggregator Juspay have also been victims of cyber breaches in recent times. Big Basket became a victim of a data breach in October last year, and the Unacademy attack in May 2020 exposed details of 2.2 crore users. The Juspay leak in January this year exposed email IDs, phone numbers, and debit and credit card details of over 10 crore users of the Bangalore-based start-up.