The Reserve Bank of India (RBI) on Friday issued guidelines to streamline the onboarding process for Aadhar Enabled Payment Systems (AePS) touchpoint operators and strengthen the fraud risk management. The guidelines will come into effect from January 1.
“In recent times, there have been reports of frauds perpetuated through AePS due to identity theft or compromise of customer credentials. To protect bank customers from such frauds, and to maintain trust and confidence in the safety and security of the system, a need is felt to enhance the robustness of AePS,” the notification issued by the central bank said. The draft guidelines were issued on July 31, 2024.
The AePS, operated by the National Payments Corporation of India, facilitates interoperable transactions using Aadhaar-enabled authentication.
As per the guidelines, banks which onboard AePS touchpoint operators must conduct due diligence. They must periodically update the KYC of operators. If an operator remains inactive for three consecutive months, the bank must carry out a KYC before allowing them to transact again.
On the risk management front, the RBI said the bank must monitor all activities of operators through their transaction monitoring systems on an ongoing basis and set operational parameters based on their risk profiles.
“Aspects such as location and type of the ATO, volume and velocity of transactions, etc. shall form part of bank’s fraud risk management framework,” the notification said.
The acquiring bank must also establish adequate system-level controls to ensure than any technological integrations like application programming interfaces (APIs) are used only for enabling AePS operations.