In 2020, massive on-boarding of new digital users onto payment platforms was accompanied by outages in bank systems and resultant transaction failures.
Banks have started asking non-bank partners to upgrade their information technology (IT) systems to minimise payment failures. The move follows a high incidence of transaction failures in the latter half of 2020, and regulatory guidelines which place the onus of ensuring payment security controls on banks.
In 2020, massive on-boarding of new digital users onto payment platforms was accompanied by outages in bank systems and resultant transaction failures. Matters were complicated by the fact that a large number of transactions, especially those made through the Unified Payments Interface channel, involve multiple hops across entities. Instances of fraud and data breaches have also been reported with some entities.
Taking cognisance of a series of outages at HDFC Bank that rendered its customers incapable of completing transactions, the Reserve Bank of India (RBI) in December 2020 imposed business restrictions on the bank. In February this year, the RBI issued a master direction on digital payment controls which shall apply to scheduled commercial banks, small finance banks, payment banks and credit card-issuing non-banking financial companies. As a result, it falls to the banks to ensure the success and security of digital payment transactions.
Sameer Shetty, head, digital banking, Axis Bank, said that most reported instances of data leakages have happened with non-bank entities. Some outages, too, have originated outside banks. The lender is now extending disaster recovery exercises and the whole discussion to its partners as well.
“There is a bunch of activities we are carrying out internally, such as framing policies on the kind of vendors we work with, what data we share, how we do information checks of their systems. We have now become very aggressive in terms of doing regular audits and checks of vendors so that their security systems are of similar levels,” he said. The bank is also working to see how it can encrypt more and more data.
At the same time, the entire ecosystem involved in digital payments will have to come together to smoothen the creases. Veena Sivaramakrishnan, partner, Shardul Amarchand Mangaldas & Co., said given that outsourcing is a regulated activity for banks, it is no surprise that banks are reaching out to their partners to upgrade and match the IT requirements of the bank itself. “In addition to ensuring a smooth payment flow, this will ensure reduction in manual intervention and personnel error. These measures will ensure that the trust reposed in the banking system continues to stay strong,” she said.