back Back

RBI tightens AePS rules: New guidelines to combat fraud and boost security

By Puja Sharma

August 06, 2024

  • Aadhar
  • AePS
  • Banking Regulations
Share

RBIThe Reserve Bank of India (RBI) has introduced draft guidelines to boost the security of the Aadhaar Enabled Payment System (AePS). Announced in the February 2024 Statement on Developmental and Regulatory Policies, these guidelines aim to address recent fraud cases linked to identity theft and compromised credentials.

The new rules focus on improving the onboarding and monitoring processes for AePS Touchpoint Operators. Operators must now be registered with only one acquiring bank, and their KYC details need updating if they are inactive for six months. The RBI is also calling for better security measures to protect bank customers and reinforce confidence in the AePS. These steps are designed to enhance the system’s reliability and safeguard against fraud.

Hello Puja, hope you are doing well.

By implementing ongoing due diligence and monitoring, along with tailored transaction limits based on risk profiles, the RBI is proactively addressing potential fraud risks. Additionally, the RBI has emphasized the importance of robust cybersecurity measures and effective management of third-party risks, urging banks to combat digital fraud and raise customer awareness.”

To bolster the Aadhaar Enabled Payment System (AePS) against recent frauds, the Reserve Bank of India (RBI) announced in the February 8, 2024, Statement on Developmental and Regulatory Policies that it will streamline the onboarding process for AePS Touchpoint Operators. This step comes in response to increasing incidents of fraud involving identity theft and compromised customer credentials.

The RBI’s draft directions focus on tightening the due diligence process for these operators.

These enhancements are crucial for several reasons:

  1. Fraud Prevention: Strengthening the onboarding and monitoring processes helps close gaps that fraudsters exploit, thus reducing the risk of identity theft and compromised credentials.
  2. Customer Protection: By improving the security of AePS, the RBI aims to protect bank customers from financial losses and personal data breaches.
  3. Trust and Confidence: Robust measures are essential for maintaining trust in the AePS system. Ensuring its safety and security is key to encouraging wider adoption and usage.
  4. System Integrity: Streamlining procedures and enforcing stricter KYC updates will enhance the overall reliability and integrity of the AePS, supporting its role in facilitating secure and efficient financial transactions.

Dilip Modi, Founder & CEO of Spice Money, “We welcome the Reserve Bank of India’s recent initiatives to enhance the robustness of the Aadhaar Enabled Payment System (AePS). These new measures, aimed at streamlining the onboarding process and ensuring stringent due diligence of AePS Touchpoint Operators, are a significant step forward in reducing fraud and protecting customers from identity theft and credential compromise.

AePS is the UPI of rural India and has been instrumental in driving financial inclusion across rural and underserved areas of India. However, instances of fraudulent activities have impacted user trust, as scammers exploiting system vulnerabilities have led to financial losses, which is reflected in the decline in transactions.

The RBI’s proactive approach in setting clear guidelines, such as requiring acquiring banks to perform thorough due diligence and update KYC for inactive AePS Touchpoint Operators, will ensure that only verified and active operators are part of the AePS network, thereby minimising the risk of fraudulent activities. Additionally, establishing transaction limits based on each operator’s risk profile is a vital measure. By tailoring these limits to the specific risk level, the system can effectively monitor and control transaction activities, reducing the likelihood of suspicious or fraudulent transactions.”

Key changes include:

  • Single Acquiring Bank Requirement: Each AePS Touchpoint Operator must now be registered with only one acquiring bank. This measure aims to simplify oversight and ensure a more rigorous monitoring process.
  • KYC Updates: Operators’ Know Your Customer (KYC) information must be updated if the operator remains inactive for six months. This ensures that the data remains current and reduces the risk of outdated or incorrect information being exploited.
  • Enhanced Security Measures: The draft directions emphasise the need for better security protocols to safeguard customer information and prevent fraudulent activities.

Previous Article

August 06, 2024

Societe Generale to sell UK, Swiss private banking units for €900m

Read More
Next Article

August 06, 2024

M-DAQ Global buys Easy Pay Transfers to expand ASEAN footprint

Read More






IBSi Daily News Analysis

cloud,

July 19, 2024

Aadhar

SMEs leverage cloud to gain competitive edge, study shows

Read More

IBSi FinTech Journal

  • Most trusted FinTech journal since 1991
  • Digital monthly issue
  • 60+ pages of research, analysis, interviews, opinions, and rankings
  • Global coverage
Subscribe Now

Other Related News

Today

Judo Bank upgrades its lending business with Thought Machine tech

Read More

Today

Quilter to acquire NuWealth to enhance digital capabilities

Read More

Today

Mastercard & boAt enable tap and pay functionality on wearables

Read More

Related Reports

Sales League Table Report 2024
Know More
Global Digital Banking Vendor & Landscape Report Q2 2024
Know More
NextGen WealthTech: The Trends To Shape The Future Q4 2023
Know More
IBSi Spectrum Report: Supply Chain Finance Platforms Q4 2023
Know More
Treasury & Capital Markets Systems Report Q1 2024
Know More

IBSi Global FinTech Innovation Awards 2024

Here’s to the coolest in FinTech!
Nominate Now!
close-link
Nominate now! IBSi Global FinTech Innovation Awards 2024