Security Ecosystem for Digital Wallets
BY - SAUMYA VISHNOI
Who am I?
Information Security professional – about 6 years of experience
Ex-PCI QSA
Audited multiple wallet environments
Currently working with a Fintech organization
Disclaimer
All the information, discussion and views presented in the talk are personal !!!
What is a Digital Wallet?
Digital Wallet
A digital application that works like a wallet: you add money into it and then you can spend the money out of it
Types of Digital wallet
Closed loop
Semi-open loop
Open loop
How safe are wallets?
RBI (Reserve Bank of India)
Regulatory Controls
RBI Payment and Settlement Act 2007
RBI PSS Audit – CISA audit – external
Internal Audit
AML controls (Anti-Money Laundering)
Fraud management
Penalty clause
Basically Risk Management !!!
PSS Audit – CISA audit – external
• External ISMS audit by a qualified CISA professional
• Submission of the audit report to RBI
• RBI reviews and approves, or sends back with comments
• Once approved, the RBI license is issued
• Internal audit schedule and review
• Audit and risk committee responsibility
• Yearly external audit exercise and report submission to RBI
AML controls (Anti-Money Laundering)
• Required to be compliant with the Prevention of Money Laundering Act, 2002
• KYC and non-KYC accounts
• Balance limitations
• Regular monitoring for suspicious behavior
• AML training for employees
Fraud Management
• Establishment of Fraud team
• Regular monitoring for suspicious behavior
• Assisting law enforcement agencies in investigating fraud incidents
• Blacklisting mechanism
• Blocking/Unblocking account
• Customer awareness
Penalty Clause
Section 30 of PSS Act: Power of Reserve Bank to impose fine
Section 31 of PSS Act: Power to compound offences
Nature of offence:
• Breach of provisions of the act
• Non-compliance with directions
• Violations of terms and conditions of authorization
Amount of Penalty – Depends upon the nature of offence, with a min of 5 Lakhs
Trust