Assignment Questions for Unit I Syllabus : Digital Payment Fundamentals , Modes of Digital Payment, and Security and Legal and Regulatory Framework Topic : Digital Payment Fundamentals 1. Essay Question: Describe and compare three different modes of digital payments, highlighting their mechanisms, advantages, and disadvantages. Additionally, discuss the importance of security measures in digital payment systems. How can businesses and individuals ensure the security of their digital transactions? Provide examples and relevant case studies to support your arguments. answer:Digital Payments Digital payments methods are often easy to make, are more convenient and provide customers the flexibility to make payments from anywhere and at anytime. These are a good alternative to traditional methods of payment and speed up transaction cycles. Post demonetization, people slowly started embracing digital payments with even small-scale merchants and shop owners starting to accept payments through the digital mode. The Government of India has been taking several measures to promote and encourage digital payments in the country. As part of the 'Digital India' campaign, the government aims to create a 'digitally empowered' economy that is 'Faceless, Paperless, Cashless'. There are various types and modes of digital payments. Some of these include the use of debit/credit cards, internet banking, mobile wallets, digital payment apps, Unified Payments Interface (UPI) service, Unstructured Supplementary Service Data (USSD), Bank prepaid cards, mobile banking, etc. What is a Digital Payment? In short, digital payment occurs when goods or services are purchased through the use of various electronic mediums. There is no transfer of cash or cheques in the physical form in the digital payment method. How do Digital Payments work? There are multiple elements involved in completing a digital payment. The main components of the digital payment are consumer (payer), merchant (payee), the payer’s bank account and the receiver’s bank account. For digital transaction to be successful, it is mandatory for both payee and payer to have a bank account with sufficient funds, an electronic device using which they can complete the transaction and they both should have signed up for an intermediary or payment service provider. The are numerous modes of digital payments, such as UPI, PoS, NEFT, mobile wallets, BHIM, and AEPS. UPI is one the most popular digital payment modes with transactions worth over $1 trillion. What is a Cashless Economy? In a cashless economy, all transactions are carried out using different types of payment methods and this does not involve the physical use of money for the purchase of various goods and services. 10 Types of Digital Payment Methods in India 1. Banking cards: Cards are among the most widely used payment methods and come with various features and benefits such as security of payments, convenience, etc. The main advantage of credit/debit or prepaid banking cards is that they can be used to make other types of digital payments. For example, customers can store card information in digital payment apps or mobile wallets to make a cashless payment. Some of the most reputed and well-known card payment systems are Visa, Rupay and MasterCard, among others. Banking cards can be used for online purchases, in digital payment apps, PoS machines, online transactions, etc. How to get Banking cards? Apply with your respective bank and provide Know Your Customer (KYC) details The card will get activated within a week and you will be allotted a 4-digit pin, which can be used for all transactions 2. USSD: Another type of digital payment method, *99#, can be used to carry out mobile transactions without downloading any app. These types of payments can also be made with no mobile data facility. This facility is backed by the USSD along with the National Payments Corporation of India (NPCI). The main aim of this type of digital payment service is to create an environment of inclusion among the underserved sections of society and integrate them into mainstream banking. This service can be used to initiate fund transfers, get a look at bank statements and make balance queries. Another advantage of this type of payment system is that it is also available in Hindi. How to Use *99#? This service can be used by dialling *99#, after which the customer can interact with an interactive voice menu through their mobile screen. To use the service the mobile number of the customer should be the same as the one linked to the bank account The next step is to register for USSD, MMID (Mobile Number Identifier) and MPIN 3. AEPS: Expanded as Aadhaar Enabled Payment System, AEPS, can be used for all banking transactions such as balance enquiry, cash withdrawal, cash deposit, payment transactions, Aadhaar to Aadhaar fund transfers, etc. All transactions are carried out through a banking correspondent based on Aadhaar verification. There is no need to physically visit a branch, provide credit or debit cards, or even make a signature on a document. This service can only be availed if your Aadhaar number is registered with the bank where you hold an account. This is another initiative taken by the NPCI to promote digital payments in the country. How to use AEPS? It is very simple to use AEPs, all you need to do is to provide the accurate Aadhaar number and the payment will be successfully made to the concerned merchant 4. UPI: UPI is a type of interoperable payment system through which any customer holding any bank account can send and receive money through a UPI-based app. The service allows a user to link more than one bank account on a UPI app on their smartphone to seamlessly initiate fund transfers and make collect requests on a 24/7 basis and on all 365 days a year. The main advantage of UPI is that it enables users to transfer money without a bank account or IFSC code. All you need is a Virtual Payment Address (VPA). There are many UPI apps in the market and it is available on both Android and iOS platforms. To use the service one should have a valid bank account and a registered mobile number, which is linked to the same bank account. There are no transaction charges for using UPI. Through this, a customer can send and receive money and make balance enquiries. How to use UPI? Download the app on Android or iOS platform Register for the service by providing bank account details Create a VPA, get an MPIN 5. Mobile Wallets: A mobile wallet is a type of virtual wallet service that can be used by downloading an app. The digital or mobile wallet stores bank account or credit/debit card information or bank account information in an encoded format to allow secure payments. One can also add money to a mobile wallet and use the same to make payments and purchase goods and services. This eliminated the need to use credit/debit cards or remember the CVV or 4-digit pin. Many banks in the country have launched e-wallet services and apart from banks, there are also many private players. Some of the mobile wallet apps in the market are Paytm, Mobikwik, Freecharge, etc. The various services offered by mobile wallets include sending and receiving money, making payments to merchants, online purchases, etc. Some mobile wallets may charge a certain transaction fee for the services offered. How to use a mobile wallet? Download the app Register for the service by following instructions and providing all details Load money 6. Bank pre-paid cards: A prepaid card is a type of payment instrument on to which you load money to make purchases. The type of card may not be linked to the bank account of the customer. However, a debit card issued by the bank is linked with the bank account of the customer. How to Use a Prepaid Card? Apply for the card Get pin Load money from your bank account/debit card 7. PoS terminals: Traditionally, PoS terminals referred to those that were installed at all stores where purchases were made by customers using credit/debit cards. It is usually a hand held device that reads banking cards. However, with digitization the scope of PoS is expanding and this service is also available on mobile platforms and through internet browsers. There are different types of PoS terminals such as Physical PoS, Mobile PoS and Virtual PoS. Physical PoS terminals are the ones that are kept at shops and stores. On the other hand, mobile PoS terminals work through a tablet or smartphone. This is advantageous for small time business owners as they do not have to invest in expensive electronic registers. Virtual PoS systems use web-based applications to process payments. 8. Internet Banking: Internet banking refers to the process of carrying out banking transactions online. These may include many services such as transferring funds, opening a new fixed or recurring deposit, closing an account, etc. Internet banking is also referred to as e-banking or virtual banking. Internet banking is usually used to make online fund transfers via NEFT, RTGS or IMPS. Banks offer customers all types of banking services through their website and a customer can log into his/her account by using a username and password. Unlike visiting a physical bank, there are to time restrictions for internet banking services and they can be availed at any time and on all 365 days in a year. There is a wide scope for internet banking services. 9. Mobile Banking: Mobile banking is referred to the process of carrying out financial transactions/banking transactions through a smartphone. The scope of mobile banking is only expanding with the introduction of many mobile wallets, digital payment apps and other services like the UPI. Many banks have their own apps and customers can download the same to carry out banking transactions at the click of a button. Mobile banking is a wide term used for the extensive range or umbrella of services that can be availed under this. 10. Bharat Interface for Money (BHIM) app: The BHIM app allows users to make payments using the UPI application. This also works in collaboration with UPI and transactions can be carried out using a VPA. One can link his/her bank account with the BHIM interface easily. It is also possible to link multiple bank accounts. The BHIM app can be used by anyone who has a mobile number, debit card and a valid bank account. Money can be sent to different bank accounts, virtual addresses or to an Aadhaar number. There are also many banks that have collaborated with the NPCI and BHIM to allow customers to use this interface. How to Use BHIM App? Download and install the BHIM app Choose a language Register for the service by providing mobile number linked to bank account Add bank-related information and set up a UPI PIN by following the given instructions Benefits of Digital Payments Faster, easier, more convenient: Perhaps, one of the biggest advantages of cashless payments is that it speeds up the payment process and there is no need to fill in lengthy information. There is no need to stand in a line to withdraw money from an ATM or carry cards in the wallet. Also, with the move to digital, banking services will be available to customers on a 24/7 basis and on all days of a year, including bank holidays. Many services like digital wallets, UPI, etc, work on this basis. Economical and less transaction fee: There are many payment apps and mobile wallets that do not charge any kind of service fee or processing fee for the service provided. The UPI interface is one such example, where services can be utilized by the customer free of cost. Various digital payments systems are bringing down costs. Waivers, discounts and cashbacks: There are many rewards and discounts offered to customers using digital payment apps and mobile wallets. There are attractive cash back offers given by many digital payment banks. This comes as boon to customers and also acts a motivational factor to go cashless. Digital record of transactions: One of the other benefits of going digital is that all transaction records can be maintained. Customers can track each and every transaction that is made, no matter how small the transaction amount this. One stop solution for paying bills: Many digital wallets and payment apps have become a convenient platform for paying utility bills. Be it mobile phone bills, internet or electricity bills, all such utility bills can be paid through a single app without any hassle. Helps keep black money under control: Digital transactions will help the government keep a track of things and it will help eliminate the circulation of black money and counterfeit notes in the long run. Apart from this, this may also give a boost to the economy as the cost of minting currency also goes down. Digital payments are slowly gaining popularity in India and there are many apps that are being launched in this sector. It has become a hassle-free and secure way to make payments. 2. Case Study Question: Analyze a recent case of a security breach in a digital payment system. Describe the incident, the vulnerabilities exploited, and the consequences for the affected parties. Evaluate the security measures implemented by the payment service provider and assess their effectiveness in preventing such breaches. Based on your analysis, propose recommendations for enhancing the security of digital payment systems to mitigate similar risks in the future. answer:INTRODUTION The invention of digital payments methods has resulted in various methods that manage financial transactions. The various technologies like from online shopping to mobile banking are the technologies providing speed simplicity, they allow customers to make payments anytime and anywhere. However, the people depend on digital platforms, the sensitive user data and financial information will be secured. We will explain about the complexities of digital payments security threats and vulnerabilities. It sparkles the light on the possible threats created by malware, particularly trojan horses, which can penetrate user data and cause damage on digital platforms. It highlights some other security threats like DOS attacks, phishing, and malware that targets the user's personal information. underlining the necessity for ongoing monitoring and proactive security measures. Paper explores various authentication mechanisms in the digital payment system. It includes password authentication and two-factor authentication. It talks about the significance of strong passwords, the danger of weak passwords and installation of additional verification processes to improve security. Moreover, it investigates the role of one-time password and biometric authentication such as facial recognition, fingerprint, in bolstering the security of digital payment transactions. Encryption technique plays an important role in protecting the data during transactions. The paper looks into symmetric and asymmetric encryption algorithms, such as AES, 3DES, and RSA, stressing their relevance in preserving the security and integrity of sensitive information. It also explores the hybrid encryption technique which combines both symmetric and asymmetric encryption to increase security measures. Furthermore, the paper addresses the significance of fraud detection and prevention in digital payments. It helps to prevent fraud detection. It investigates the significance of secure transaction protocols such as tokenization in improving security and protecting sensitive data. Emerging technologies include block chain for secure transactions, artificial intelligence for fraud detection, and machine learning for pattern analysis. Finally, this paper presents a detailed summary of digital payments security threats and vulnerabilities. Stakeholders can assure the confidentiality, integrity and authentication of transactions by identifying the risks and implementing suitable security measures, eventually generating trust and confidence among users. LITERATURE REVIEW Digital payments have changed dramatically how the way money is handled, providing convenience and efficiency to all users around the world. As the usage of digital payment systems grows. There are significant security concerns. The purpose of this overview of the literature is to provide a full understanding of the existing landscape and suggest future research topics on security risks in digital payments. It accomplishes this by evaluating the body of knowledge and scholarly contributions made in this field. In order to understand security challenges, it is critical to examine the features and operation of digital payment systems. Numerous studies have been conducted on various digital payment systems, such as mobile payments, internet banking, and crypto-currency exchanges. These studies highlight the procedures, protocols, and technologies employed in these systems, as well as any potential weaknesses that could be exploited by malicious actors. A wide range of security concerns and attacks are revealed by the literature review to be directed at digital payment systems. The vulnerabilities present in the communication channels used for digital payments are a prominent field of research. Studies indicates that we use encryption and authentication mechanism for unauthorised access or compromised system. Malwares most common threat are ransomware and banking Trojan, which can attack users on finance platform for their data . Researchers have looked into the methods, capacities, and effects of various malware strains, providing insights into how they change over time and proposing mitigation tactics to combat them. The study covers the topic of mobile payment systems and related security issues. It gives an overview of several mobile payment methods, including direct carrier billing, mobile payment platforms, independent mobile payment systems, mobile payment at the point of sale (POS), and mobile payment as the POS. The assessment underscores the usefulness and appeal of mobile payment systems but also draws attention to the security risks and difficulties they encounter. Additionally, the literature goes into great detail on the subject of fraud and identity theft in online transactions. Researchers have looked at phishing attempts, social engineering methods, and account takeover as examples of identity theft. To lessen the risks associated with identity-related attacks, they have suggested a variety of detection and prevention measures, including multi-factor authentication, bio-metric verification, and anomaly detection algorithms. The literature also focuses on user awareness and education. Researchers stress how crucial it is to inform users of the possible risks and the best procedures for safe online transactions. To encourage responsible conduct and reduce the frequency of security events, they suggest user-friendly security interfaces, training programs, and awareness campaigns. Malware, SSL/TLS vulnerabilities, and data breaches are the three primary security risks in mobile payment systems, according to the research. It explains the dangers that could result from compromised mobile payment accounts as well as how mobile devices are susceptible to virus attacks. The assessment also emphasizes the weaknesses in SSL/TLS encrption as well as the danger of data breaches that can expose private payment information. Detection of malware, multi-factor authentication, data breach prevention, and fraud detection and prevention are the other four security issues covered in the evaluation that pertain to mobile payment systems. In order to protect against data breaches and fraudulent activities, it underlines the necessity for efficient malware detection techniques, strong authentication procedures, and preventive measures. In the literature review along new technologies are also examined with the impact on electronic payment system security system. Block chain technology, Artificial intelligence and distributed ledger technology have been investigated for their prospective to increase the security of payment systems. They also high light the perspective as additional security dangers connected to these technologies such as privacy and scalability. Overall, the assessment of the literature shows that security risks associated with digital payments are many and changing quickly. Even though major efforts have been made to combat these risks, regulatory agencies, industry, and academia must continue to work together and conduct research in order to remain ahead of the continuously evolving danger landscape. This study intends to contribute to the creation of efficient security frameworks and procedures that protect the integrity and credibility of digital payment systems by identifying the research gaps and current knowledge gaps. SECURITY THREATS AND SOLUTIONS Security threats related to digital payment will evolve day by day. Some of common threats are Trojan. Trojan is malware where is acts as genuine software of the users but behaves the way it wants. Trojan can reach users Personal computer( PC ) or Phone through email along with PDF or downloadable links. It can track keystrokes, make system vulnerable to other attacks. It will change original data form, copy important information, update data if required, use system resources for its own task and hinder system performance. Comparing other viruses, Trojan don't have capability to duplicate itself . Trojan can act in multiple ways, Backdoor Trojan where it will not attack your system instead will open doors for other attackers to manipulate your system, it achieves this by loading variety of malware to victim system which makes system vulnerable. Rootkit will make sure that victim will not any malware on his/her system. Banking Trojans are those which captured screenshot during payment transaction with keystrokes capturing. Remote access Trojan gives attacker a way to access victims system remotely, similar to banking Trojan even this can capture screenshot of transactions. Trojan works in following, first it get downloaded to victim's system by escaping victim's awareness. Then Trojan gives remote working environment for attacker to deploy more malware to victim system. To this point victim system is under control of attacker. With respect to digital payment, attacker can target sensitive information like credit card details, transaction data, login and usage logs. They are good at hiding their presence on the victim system with the help rootkit type of virus. As mentioned earlier Trojan has capability to capture keystrokes which in turn leads to collect user credentials like username and password. In some cases it also captures screenshots, if you want context of screenshot with digital payment where attacker can take screenshot of transaction of victim. Denial of service is the Cyberattack, where the third party tries to flood your system with hundred's of requests. This makes platform to break down and unable to provide service for users in turn recurring losses. Worms are more dangerous because it does not need attacker intervention. It can act on its own, meaning it will duplicate itself and spreads across many devices. One way it attacks is using Distributed denial of service (DDoS).In which it compromises as many as devices in the network and will flood the network as many request to bring the system eventually making financial loss to platform, service being unavailable to users. In digital platform it can also take advantage of code not written properly, networks. phishing attacks comes Cyber threat where attackers act as trusted platform to communicate with unsuspecting user via mail, text or website. attackers make sure he acts like trusted platform to get user credential or other sensitive information from the user. Solution to prevent oneself from malware and attacks is keep antivirus up to date. This software detects and eliminate malware. Anti-virus companies releases software updates regularly so with those software updates software can perform and detect new viruses in the market. one more thing users can do is to use firewall which stands between device and foreign network ensuring logging of all activity. By enabling firewall will reduce the chances of system being compromised. users should be educated on where to download files; cause Trojan are usually hidden in the PDF upon which downloading can transfer it system directly. Make use of Encryption technique like SSL and TLS which encrypt connection between entity during transaction. AUTHENTICATION MECHANISMS In an era where digital payment systems are transforming our transaction methods, it is crucial to prioritize the implementation of strong security measures. This article explores the world of authentication mechanisms utilized in digital payment systems, providing insights into their importance and influence. By comprehending the advantages, drawbacks, and implementation factors associated with different authentication techniques, developers and users of payment systems can make well- informed choices to enhance security without compromising the convenience of seamless transactions. 1.Password-based: Aauthentication is an important safety feature in digital payment systems, making password strength an important factor in making sure security in general. This section addresses the importance of powerful passwords, the risks associated with weak ones, and ways for creating and managing strong passwords. In addition, it stresses the importance of password hashing n protecting user credentials, particularly in the event of data breaches. Two-factor authentication, or 2FA for short, is an excellent way for improving security. Users must offer an additional form of verification in addition to their passwords in such a way. The paper examines several 2FA options, such as SMS codes, authentication apps, and bio-metrics, and assesses their usefulness in increasing security and limiting the risks of password leaks or theft. To bolster security, incorporating two-factor authentication is highly recommended. This approach requires users to provide an additional form of verification beyond passwords. The article explores various 2FA methods, such as SMS codes, authentication apps, or bio-metrics, discussing their effectiveness in enhancing security and mitigating the risks of password breaches or theft. One-time passwords offer an additional layer of security by generating unique codes for each transaction or login session. This section explains how OTP's work, their time-sensitive nature, and their resistance against replay attacks. It also explores the different methods of OTP generation, such as SMS, email, or dedicated mobile apps. Bio-metric Identification: Bio-metric authentication utilizes unique physical attributes, like fingerprints or facial features, to validate users' identities. The article discusses the advantages of bio-metrics, including their difficulty to replicate or forge. It highlights the integration of bio-metric authentication in mobile devices and payment apps, emphasizing the convenience and enhanced security it provides while minimizing the risk of credential theft. ENCRYPTION TECHNIQUES Encryption techniques play an important role in maintaining the security and privacy in digital payment systems. By applying many algorithms bland by doing so organizations can ensure the integrity, confidentiality, and authenticity of data during payment transactions. In this section, we will delve into the encryption techniques commonly utilized in digital payment systems, highlighting their significance in bolstering security and privacy. SYMMETRIC ENCRYPTION Symmetric encryption stands as a foundational encryption technique widely embraced by digital payment systems. It operates by employing a single secret key for both encryption and decryption processes. This shared key between the sender and the recipient serves to establish secure communication channels and safeguard sensitive data. Notable symmetric encryption algorithms commonly employed in digital payment systems include: AES (Advanced Encryption Standard):} AES is widely called a symmetric block cipher due to its effective performance and strong security measures. It supports key lengths of 128-bit, 192-bit, and 256- bit, providing a high level of encryption to ensure secure data transfer from one place to another. 3DES (Triple Data Encryption Standard):} On the other hand, 3DES uses the Data Encryption Standard (DES) algorithm by adding additional three consecutive encryption operations in a cascade. This approach enhances security by adding multiple layers of encryption to the data. While DES may be deemed relatively weak, the utilization of multiple encryption rounds within 3DES significantly bolsters security. Symmetric encryption techniques enable the encryption of sensitive information, such as credit card details and transaction data, thereby guaranteeing its confidentiality and impeding unauthorized access. ASYMMETRIC ENCRYPTION Asymmetric encryption, also widely called public-key encryption, is an important technique used in digital payment systems. It operates using a pair of keys: a public key for encryption and a private key for decryption. While the public key can be freely shared, the private key is securely kept by the intended recipient. This approach ensures secure and unscathed communication between senders and receivers involved in digital transactions. The following benefits are provided by asymmetric encryption: Secure Key Exchange: Asymmetric encryption helps in the secure exchange of keys between senders and receivers involved in a transaction. This ensures that session keys or symmetric encryption keys can be securely transmitted over any network, providing excellent protection against eavesdropping and unauthorized access. Electronic Signatures: When ensuring the authenticity and integrity of digital price transactions, digital signatures are absolutely necessary. When a digital signature is created using the sender's private key, the recipient can use the corresponding public key to validate the signature. Confidentiality: Confidentiality is another crucial feature provided by asymmetric encryption, which allows data to be encrypted using the sender's public key. Only the intended recipient, possessing the private key, can decrypt and gain access to the information, which significantly improves its confidentiality and privacy. Prominent asymmetric encryption algorithms commonly utilized in digital payment systems include: RSA (Rivest-Shamir-Adleman): RSA stands as a widely recognized encryption algorithm celebrated for its security and versatility in key exchange and digital signatures. Elliptic Curve Cryptography (ECC): ECC offers robust security while employing shorter key lengths compared to traditional algorithms. This feature makes ECC particularly suitable for resource- constrained environments. By implementing these encryption techniques, digital payment systems can fortify their security measures and safeguard sensitive data, ensuring a trustworthy and protected environment for payment transactions. HYBRID ENCRYPTION To harness the advantages of both symmetric and asymmetric encryption, hybrid encryption procedures are commonly utilized in digital payment systems. In this approach, symmetric encryption is used to encode the actual payment data, while asymmetric encryption is used to securely exchange and safeguard the symmetric encryption keys. By combining these encryption techniques, digital payment systems can ensure secure and confidential transactions, safeguarding sensitive data from unauthorized access, alteration, and interception. In conclusion, encryption techniques are vital components in addressing security and privacy concerns in digital payment systems. Symmetric encryption provides efficient and secure data transmission, while asymmetric encryption facilitates secure key exchange, digital signatures, and confidentiality. By employing hybrid encryption approaches, organizations can leverage the strengths of both techniques to enhance the security and privacy of digital payment transactions, thereby building trust and safeguarding sensitive information. FRAUD DETECTION AND PREVENTION Fraud detection is to take care of transaction occurring through internet. There are security concerns like unauthorized access is where person who does have any rights on platform access the platform like hackers and cyber criminals employ techniques like phishing and denial of service. Data breaches can happen when system is under control of attacker/ compromised, which attackers can get access to personal information like credentials . malware/ransomware will also cause a threat which can take control of victim's system. Privacy concerns like data collection from user ensures that user on platform are legitimate. This can be ensured by collecting necessary details like transnational details, device information which are necessary for prevention and detection of frauds. Data security should be implemented so user's data is in tact so attacks on data is detected. secure storage devices, encryption can help data security. user should be consented for which data is collected from them so they understand why those data are collected. Data retention policies should be know to user and it is ethical role of data collectors to dispose data. User should have right to see, access, and update data collected by them to the platform. Few measure are taken to prevent are Multi factor authentication and real time monitoring. Two factor authentication adds one more step on entering password which user know and user were asked to link something like email or phone number which are belonging of user, where it significantly reduces the unauthorized user into someone else account. conventional method like entering password is vulnerable to phishing, brute force attack or social engineering. In Two factor authentication, first part is user password or user pin that user knows and want to keep it secret but the problem password faces is that is can be easily compromised using phishing or key logging. It can be easily figured out by cybercriminal. Second part of Two factor authentication is thing which user owns and can be used to get entry to the platform. Commonly used factors are OPT, Notification sent to user phone. OTP (one time password) is sent to user's phone app, text or email which user can enter after entering password which send the second factor to you. Real time monitoring tracks transaction currently happening over network or continuous monitoring of transaction either by collecting location, amount, user behavior. Key components of real time monitoring is transaction monitoring which use machine learning algorithm to analyze transaction. It includes velocity checks, outlier identification which helps to understand any behavior which is abnormal. Collects data from multiple sources where it includes data lie customer information, organization information which helps in fraud detection. Behavior analysis tries to read the history of user's transaction to verify their previous behavior and current behavior to identify any potential fraud and makes it easy to prevent it. Network monitoring is key component of real time monitoring where not only user's profile is monitored to prevent fraud but entire network is monitored to identify any distributed denial service of attack or any system breaches. But one more thing to remember is apart from the above key components constant improvement to identify new malware, new machine learning algorithms to analyses network or user profile should be discovered to mitigate new fraud and prevent it from occurring. SECURE TRANSACTION PROTOCOLS Encryption plays a crucial role in different applications, http is an extension it will add encryption for authentication laters. it will creates secure communication between client and server, it allows platforms exchange all the data during transactions through the network. encryption is a fundamental concept in modern cryptography. it will converts the data into unreadable form called cipher text. Symmetric key encryption is also called as secret key encryption. the employs shared a single key for the both encryption and decryption process. it will encrypts the large amount of data. asymmetric key is also known as public key encryption, the public key is freely distributed and used for encryption. private key is use for decryption, a sender can send a message using their private key, It is an authentication protocol developed by major payment card networks. It provides an extra layer of security for online card transactions. It allows the card holder's identity to be verified by providing an additional authentication step during the payment process. This protocol may use of combination of cryptography techniques and dynamic data exchange between the card holders. It helps to make the secure transactions. It reduces the danger card fraud attacks and improves the security of digital payments. It will add extra authentication to the payment process often mentioned as 3d secure authentication. it involves the three steps they are the issuer domain, the acquirer domain, the interoperability domain. when a card holder begins a online payment transactions, the merchant's website initiates the 3Ds process. Tokenization is a technique during digital transactions it will substitute the sensitive card payment with unique tokens, it is a highly effective technique, and it offers a powerful solution by replacing sensitive data with unique tokens. tokenization offers various advantages for digital payments. it significantly reduces the risk and unauthorized access to sensitive payment card information, it enhances the security of data transmission during digital payment transactions. tokens are used as actual payment card data, the risk of compromising the data during transmission is greatly mitigated. Tokenization has become an accepted and widely adopted security measure in digital payment systems. it includes mobile payments, E-commerce, and recurring billing. By protecting critical payment card data and minimizing the possible effects of data breaches, it improves the overall security posture. It is an advanced security measure, Bio-metric authentication utilizes special physiological such as face recognition, finger prints. It is used to verify the identity during digital payment transaction. It will provide high level security of data. When bio metric authentication is used during the payment process, Unauthorized access risk can be minimized. It will protect the sensitive information. The user's payment account is connected to their bio metric data through bio-metric authentication. when starting a transaction the user is to provide their bio-metric sample.such as putting their finger on a fingerprint. It will offers several advantages for digital payments Users are no longer required to type or remember complicated PIN's or passwords. Instead, users may easily and rapidly authenticate themselves using their bio-metric traits, which are essentially individual to them. Replication of bio-metric authentication is challenging. Bio-metric traits are intrinsically linked to the individual and are therefore impossible to copy or transmit, in contrast to passwords that can be lost, stolen, or exchanged. if offers a highly secure and convenient method for verifying the identity of users in electronic payment exchanges. It improves security, lowers the possibility of unwanted access, and offers a user-friendly experience by utilizing special bio-metric traits. Bio-metric authentication is anticipated to play a bigger part in the future of secure digital payments as technology develops and bio- metric systems continue to advance. It is critical to address the security threats posed by these platforms given the growing use of mobile devices for digital payments. The secure storing of payment credentials, data encryption during transmission, and defense against malware and illegal access are the main concerns of secure transaction protocols for mobile devices. Some of the approaches used to strengthen the security of digital payments on mobile devices include mobile-based authentication apps, secure components, and device fingerprinting. It is concerned with safeguarding the data saved on the device. It helps to secure data by transforming it into an unreadable format that can only be viewed with a decryption key. It encodes the sensitive payment data store on the device. The information is still shielded from unwanted access. Application developers overview the Secure app development standards are essential for keeping mobile devices secure coding practices, conduct testing and include strong security measures into their applications. the apps should utilize encryption Implement safe authentication procedures for data transmission, and overview to industry security requirements. It includes secure network connections when connecting public networks like Wi-Fi, the user must be aware this network Eavesdropping and man-in-the-middle attacks are possible. use VPN network, it will establish secure and encrypted networks. It will protects the confidential data transmitted over the public network. It includes secure network connections when connecting public networks like Wi-Fi, the user must be aware this network Eavesdropping and man-in-the-middle attacks are possible. use VPN network, it will establish secure and encrypted networks. It will protects the confidential data transmitted over the public network. Device authentication and user awareness are all examples of mobile device Mobile devices may be trusted platforms for completing secure digital payment transactions while protecting sensitive payment information and user privacy by applying strong security measures. EMERGING TECHNOLOGIES Digital payment systems continue to develop new technologies are being created to improve user ease, experience, and efficiency however . It will explore some emerging technologies like that aims to address the concerns and it will improve the security and privacy in digital payment systems. Tokenization is a technology, it replaces the sensitive data such as Credit card numbers, for example, can be replaced with unique tokens. Tokens are generated random there is no relationship between the original data, If an unauthorized entity intercepts the message. Tokenization can help digital payment systems limit the danger of disclosing sensitive information during transactions it enhance the security and privacy. using the bio-metric authentication technology such as facial recognize and fingerprint, it will add an extra layer of security for digital payment system. By utilizing distinct biological traits, these technology can verify the user identity with high level precision. Block chain is technology, this technology is originally developed for crypto-currency like bitcoin. has gotten a lot of attention because of its potential to change digital payment methods. It decentralize the nature enhances security and privacy. Block chain transactions are verified and it can not be altered, by providing the robust frame for secure and digital payments. Artificial intelligence is a technology, AI is used for fraud detection system with the help of machine learning algorithms, it is used to analyze huge amount of transaction data and used to identify the fraud relevant activities. These algorithms may learn and adapt to new fraud patterns in real time, increasing their accuracy over time. digital payment system in AI can detect proactively and prevent fraud transactions, ensuring the security and privacy of users' financial information. Machine learning algorithms can continuously analyze and process the data. They are improving their comprehension of normal and deviant transaction behavior. It enables AI systems to keep up with emerging fraud tactics. Increasing their effectiveness in detecting and preventing fraudulent transactions. CONCLUSION Finally the security and privacy problems in digital payments are substantial and must be addressed Because security threats such as Trojans and phishing attacks are becoming more sophisticated, continues prevention measures and required user knowledge. It includes mechanisms like authentication, passwords-based and bio-metric methods plays an important role to verify the user identity and reduced unauthorized access. some of encryption techniques like symmetric and asymmetric encryption During transactions, maintain the confidentiality and integrity of sensitive data. Tokenization protects card information effectively while developing emerging technologies like block chain and Artificial intelligence contribute to improving the security and privacy of digital payment systems. Continuous research and development in these areas is critical for staying ahead of developing security risks and assuring the reliability and security of digital transactions. REFERENCES [1] Saxena, Sameer, et al. Survey on online electronic payments security. 2019 Amity International Conference on Artificial Intelligence (AICAI). IEEE, 2019.. [2] Khando, Khando, M. Sirajul Islam, and Shang Gao. The Emerging Technologies of Digital Payments and Associated Challenges: A Systematic Literature Review. Future Internet 15.1 (2022): 21. [3] CEIC Data, (2023), Mobile Payments in India [Screenshot], Retrieved from https://www.ceicdata.com/en/india/mobile-payments [4] Wang, Yong, Christen Hahn, and Kruttika Sutrave. Mobile payment security, threats, and challenges. 2016 second international conference on mobile and secure services (MobiSecServ). IEEE, 2016. [5] Alzoubi, Haitham M., et al. Cyber Security Threats on Digital Banking. 2022 1st International Conference on AI in Cybersecurity (ICAIC). IEEE, 2022. [6] Hassan, Md Arif, and Zarina Shukur. A secure multi factor user authentication framework for electronic payment system. 2021 3rd International Cyber Resilience Conference (CRC). IEEE, 2021. [7] Xia, Huosong, et al. Knowledge acquisition model of mobile payment based on automatic summary technology. Electronic Commerce Research (2022): 1-24. [8] Ali, Guma, Mussa Ally Dida, and Anael Elikana Sam. Two-factor authentication scheme for mobile money: A review of threat models and countermeasures. Future Internet 12.10 (2020): 160. [9] Chen, Chunyan. Discussion on the Security Mechanism of Mobile Payment. 2021 7th Annual International Conference on Network and Information Systems for Computers (ICNISC). IEEE, 2021. [10] Lal, Nilesh A., Salendra Prasad, and Mohammed Farik. A review of authentication methods. vol 5 (2016): 246-249. [11] Sun, Jiabin, and Nan Zhang. The Mobile payment based on public-key security technology. Journal of Physics: Conference Series. Vol. 1187. No. 5. IOP Publishing, 2019. [12] Ahmed, Waqas, et al. Security in next generation mobile payment systems: A comprehensive survey. IEEE Access 9 (2021): 115932-115950. [13] Seera, Manjeevan, et al. An intelligent payment card fraud detection system. Annals of operations research (2021): 1-23. [14] Diadiushkin, Alexander, Kurt Sandkuhl, and Alexander Maiatin. Fraud detection in payments transactions: Overview of existing approaches and usage for instant payments. Complex Systems Informatics and Modeling Quarterly 20 (2019): 72-88. [15] Ishak, Norhamiza. Overview of cashless payment in Malaysia. International Journal of Accounting, Finance and Business (IJAFB) 5.27(2020): 11-18. [16] Urs, Bogdan-Alexandru. SECURITY ISSUES AND SOLUTIONS IN E-PAYMENT SYSTEMS. Fiat Iustitia 1 (2015). [17] Dijesh, P., SuvanamSasidhar Babu, and Yellepeddi Vijayalakshmi. Enhancement of e-commerce security through asymmetric key algorithm. Computer Communications 153 (2020): 125-134. [18] Bangera, Srishti, Pallavi Billava, and Sunita Naik. A hybrid encryption approach for secured authentication and enhancement in confidentiality of data. 2020 Fourth International Conference on Computing Methodologies and Communication (ICCMC). IEEE, 2020. [19] Moon, Iffath Tanjim, et al. Towards the advancement of cashless transaction : A security analysis of electronic payment systems. Journal of Computer and Communications 10.07 (2022): 103-129. [20] Ximenes, Agostinho Marques, et al. Implementation QR code biometric authentication for online payment. 2019 International Electronics Symposium (IES). IEEE, 2019 Topic : Modes of Digital Payments and Security: Conceptual Question: 1. Explain the fundamental concepts underlying digital payments. Discuss the key components and processes involved in a typical digital payment transaction, from initiation to settlement. Illustrate your explanation with diagrams or flowcharts if necessary. Additionally, analyze the advantages and challenges of digital payments compared to traditional cash-based transactions. answer:Digital payments are payments done through digital or online modes, with no exchange of hard cash being involved. Such a payment, sometimes also called an electronic payment (e-payment), is the transfer of value from one payment account to another where both the payer and the payee use a digital device such as a mobile phone, computer, or a credit, debit, or prepaid card. The payer and payee could be either a business or an individual. This means that for digital payments to take place, the payer and payee both must have a bank account, an online banking method, a device from which they can make the payment, and a medium of transmission, meaning that either they should have signed up to a payment provider or an intermediary such as a bank or a service provider. Featured Partners 1 AU Bank Savings A/C Interest rate: Upto 7.25% Balance required: INR 2,000 onwards Special feature: Monthly interest payouts Open Account On AU Bank's secure website 2 Yes Bank Savings Account Interest rate: Upto 6.25% Balance required: Zero Special feature: Earn up to 16000 Yes Bank Rewardz Points worth 4000 INR Open Account On Yes bank's secure websie 3 Kotak 811 Zero Balance Savings Account Interest rate: Upto 7% p.a. with ActivMoney Balance required: Zero Special feature: Zero-contact, Video KYC Savings Account Open Account On Kotak's secure website A digital payment transaction can happen both on the internet and in person to the payee. For example, if a buyer pays via UPI on an e-commerce website or buys from his local grocer and pays him through UPI while purchasing at the store, both are digital payment transactions. There are various modes of digital payments, including UPI, NEFT, AEPS, mobile wallets, and PoS terminals. UPI is the most preferred mode, having crossed the milestone of $1 trillion in the value of transactions. Why Pay Digitally? The transition to digital payments and receipts has some clear benefits, especially for small businesses in India. Consumers and businesses now expect the digital payments facility to be made available for faster and more secure payments with no risk and no charges. The payer has a mobile phone which provides additional authentication via fingerprint or other verification or biometric method, minimizing risk. For business transactions too, there are several benefits of going cashless. Cash management is eliminated resulting in a lower risk of theft and reducing the cost of security and storage. Digital payments are often quicker transactions, thereby resulting in shorter queues and enhancing the customer’s in-shop experience. Customer convenience is thus driving sales. A clear trail is available for easy accounting, helping simplify operations and tax compliance. Mobile-based digital payments also provide the payee with the ability to collect customer data for analytics and market segmentation. This enables retailers and issuer banks to use digital payments, along with loyalty and reward programs, to drive customer acquisition and retention through targeted marketing and customized offers. Credit Cards, one of the oldest payment methods, and the new age Buy Now Pay Later Model, supported by digital payments provides access to credit for customers. How Do Digital Payments Work? Parties Involved While on the surface, it may take only a few clicks to pay digitally, the digital payments ecosystem has several intermediaries that work seamlessly to facilitate a successful transaction. The entities involved in the end-to-end processing of a digital payment transaction include the merchant (payee), the consumer (payer), the bank, and the payment network. ‘Merchant’, in this context, refers to local Kirana stores, shopping malls, retail outlets, as well as e-commerce portals and service providers that provide the facility to transact or settle dues using digital payments. The bank that debits an amount from the payer is known as the issuer bank. On the other side is the acquirer bank, or the payee’s bank, which credits the amount on the receipt. Therefore, both parties must have a bank account and an online banking method to transact digitally. Working of Digital Payments System To understand the process of how digital payments work, let’s illustrate it with an example. Anjali Singh purchases apparel worth INR 5,500 from Rupesh Garments, a shop on busy Kalbadevi Road in Mumbai. She opts to make the digital payment for this amount using her debit card on the Point of Sale (PoS) machine or pay through UPI for any app (QR Code) in the shop. When the shopkeeper swipes the card on the PoS machine, several steps take place before the payment is made. Since the payment is being made with Anjali’s debit card, the PoS provider checks for a sufficient balance in her bank account. This is only after Anjali enters the transaction PIN, which is verified and then, if there is a sufficient balance, the digital payment is processed, and the money is debited from her account and credited to the business account of Rupesh Garments. In case a credit card is used for digital payments, the available credit limit is first verified with the card provider of the payer before the transaction is processed further. If Anjali buys from an eCommerce portal, then for digital payment, a payment request is sent from the eCommerce player to the payment gateway that it has tied up with. Then, the payment gateway seeks authorization through an OTP or PIN from Anjali, accepts the amount from her bank, and settles the amount with the bank that the e-commerce portal has an account with. The gateway has to first check the balance in Anjali’s bank account and accordingly either proceed with authentication or reject the request if she has an insufficient balance or inputs incorrect payment details. Featured Partners 1 AU Bank Savings A/C Interest rate: Upto 7.25% Balance required: INR 2,000 onwards Special feature: Monthly interest payouts Open Account On AU Bank's secure website 2 Yes Bank Savings Account Interest rate: Upto 6.25% Balance required: Zero Special feature: Earn up to 16000 Yes Bank Rewardz Points worth 4000 INR Open Account On Yes bank's secure websie 3 Kotak 811 Zero Balance Savings Account Interest rate: Upto 7% p.a. with ActivMoney Balance required: Zero Special feature: Zero-contact, Video KYC Savings Account Open Account On Kotak's secure website Bottom Line The payments industry is constantly innovating to make digital payments simpler and faster for users. By offering a range of options and making it as convenient and secure as possible for them to pay, businesses can nurture user stickiness and enhance their experience. 2. Critical Thinking Question: With the increasing popularity of digital payments, various technologies and platforms have emerged to facilitate transactions. Choose two different digital payment platforms (e.g., mobile wallets, online banking, cryptocurrencies) and compare their features, functionalities, and adoption rates. Assess the impact of these platforms on the financial industry and consumer behavior. Finally, discuss the potential implications of emerging technologies (such as blockchain and biometric authentication) on the future of digital payments. answer:Digital payments refer to electronic transactions conducted over the Internet or other electronic devices, allowing individuals and businesses to send and receive money without the need for physical currency. These transactions are facilitated through various online platforms, mobile apps, and electronic payment systems. What are the types of digital payments? credit/debit cards mobile wallets online banking peer-to-peer (P2P) transfers contactless cards cryptocurrencies QR code payments SDK.finance payment Platform is designed to support multiple digital payment options through its comprehensive set of features and functionalities. The Platform utilizes an API-driven architecture that streamlines integrating with multiple payment providers, making it easier for businesses to offer a wide range of payment options to their customers. Get your digital wallet product launched months faster Speed up the product release with a pre-developed FinTech solution About the product The digital payment system: How It works? The ecosystem of digital payments encompasses various technologies, platforms, and processes that enable individuals and businesses to conduct transactions electronically. To understand how digital payments work, we need to examine the participants of this process. Key participants in digital payment systems The consumer The merchant The issuer bank (the consumer’s bank that issues their credit or debit card) The acquirer bank (the merchant’s bank that receives the funds from digital transactions) Payment gateways are responsible for the verification of the customer’s balance or credit limit, which is linked to their customer’s bank account, during a digital transaction, such as processing a payment request. Step-by-step guide on the process of making a digital payment When making a digital payment, the process typically involves the following steps: 1. Initiation: the payment process begins when a customer initiates a transaction, whether it’s purchasing goods or services online, or selecting a digital payment method, such as credit cards or a mobile device with wallets. 2. Authorization: once the transaction is initiated, the payment information is securely transmitted to the payment processor or acquiring bank for authorization. 3. Processing: upon authorization, the first payment network or processor processes the transaction by debiting the client’s account. This step may involve communication between various parties, including banks, payment networks, and merchant service providers. 4. Settlement: settlement typically involves the transfer of funds from the issuer bank to the merchant’s bank. 5. Confirmation: once the settlement is completed, both parties receive confirmation of the transaction. What Are Digital Payments: Exploring Modern Trends, Methods, and Technologies The technology behind digital payments Several technologies play a crucial role in the operation and security of digital payments, including: Machine Learning and Artificial Intelligence Machine Learning algorithms allow companies to monitor transaction patterns and potential fraudulent activities, while AI-driven systems enhance user experience by understanding spending behaviors. NFC (Near Field Communication) NFC enables secure communication between devices in close proximity, that facilitates contactless transactions, allowing devices to communicate seamlessly. For example, using NFC, a customer can effortlessly pay for their coffee by simply tapping their smartphone against the cafe’s point-of-sale terminal, securely transmitting payment information and completing the transaction without the need for any physical credit cards or cash. Turn the first years of development into the first years of growing your revenue Get a pre-developed digital retail banking software to build your PayTech product on top More details MST (Magnetic Secure Transmission) MST is a technology that emits a magnetic signal to make mobile wallet communicate with traditional card readers. This technology allows digital wallets to be used with both traditional magnetic stripe and modern chip-based card readers, enhancing compatibility. For instance, MST technology emits a magnetic signal enabling digital wallets to seamlessly interface with conventional magnetic stripe card readers, offering users the flexibility to make secure transactions at both traditional and chip-based card terminals. Digital payments trends to watch in 2024 Digital payments are constantly changing due to technological advancements like AI and ML, changes in consumer behavior and the FinTech market. In 2024, we can expect to see the emergence of several key trends that will shape the digital payments landscape, including: Real-time payments Real-time payments, which allow for immediate fund transfers 24/7, thereby redefining traditional banking norms. This presents an opportunity for businesses to optimize cash flow management, simplify administrative processes, and create a more seamless customer experience. Cryptocurrency adoption Cryptocurrencies, such as Bitcoin, Ethereum, and others, continue to gain traction as alternative forms of payment. Businesses and consumers are increasingly accepting and using cryptocurrencies preferred payment method for transactions due to their decentralized nature, lower transaction fees, and potential for faster cross-border payments. Grow your revenue with a powerful payment processing software Payment acceptance software to provide a complete stack of online and offline financial services More info A2A (account-to-account) payments The expected increase in A2A payments in 2024 is primarily due to their integration with open banking. They are open banking-enabled, and this synergy, coupled with advances in instant payments and growing merchant adoption, is catapulting these transactions into a new era. As a result, A2A payments are not only becoming faster and cheaper, but also much more resistant to fraud. Central Bank Digital Currencies (CBDCs) Central Bank Digital Currencies (CBDCs) have emerged as a significant trend in the realm of digital payments. A CBDC is a digital form of a country’s national currency, issued and regulated by the central bank. Unlike cryptocurrencies such as Bitcoin, CBDCs are centralized and are considered legal tender. CBDCs aim to enhance financial inclusion, reduce transaction costs, and provide greater control over monetary policy. Biometric authentication Biometric authentication methods, including fingerprint scanning, facial recognition, and voice recognition, are becoming more prevalent in digital payments. For example, the global voice-based payment market is going to grow to USD 14.66 billion compared to 6.4 billion by 2030. What Are Digital Payments: Exploring Modern Trends, Methods, and Technologies These technologies offer enhanced security and convenience by replacing traditional authentication methods like passwords and PINs. Embedded finance Embedded finance refers to the integration of financial services into non-financial platforms and experiences, such as e-commerce websites, ride-sharing and mobile payment apps,, and social media platforms. This trend enables seamless and contextually relevant payments within existing digital ecosystems, blurring the lines between banking and other industries. These emerging trends are reshaping the way businesses and consumers engage in digital transactions, driving innovation and transformation across the payments industry. Conclusion The journey of digital payments continues to be a fascinating evolution, driven by innovation, technology, and the ever-changing needs of businesses and consumers. As these trends unfold, the digital payments landscape is set to become more secure, efficient, and seamlessly integrated into our daily lives. With SDK.finance you get a ready-made Platform to bring financial and digital payment services and products to life faster and start providing digital payments in the shortest possible time. Topic : Legal and Regulatory Framework 1. Research Question: Investigate and analyze the legal and regulatory framework governing digital payments in India. Examine the roles and responsibilities of key regulatory bodies such as the Reserve Bank of India (RBI), the Ministry of Finance, and other relevant authorities. Identify and discuss the major laws, regulations, and guidelines that govern digital payments, including data protection, consumer rights, and anti-money laundering measures. Additionally, evaluate the effectiveness of the current regulatory framework in fostering innovation and ensuring the security of digital payment systems. answer:Any financial transaction made by electronic methods rather than cash or tangible instruments such as cheques is referred to as a digital payment. With the establishment of the National Payments Corporation of India (“NPCI”) in 2008, there was a broad usage of digital payments in India. Since then, payment systems such as digital wallets, the Unified Payments Interface (“UPI”), and the Bharat Interface for Money (“BHIM”) have arisen. Table of Contents Another question that arises is – Are digital wallets safe? Digital Payment Regulations in India Reserve Bank of India and National Payments Corporation of India Payment and Settlement Systems Act, 2007 Ministry of Electronics and Information Technology Pradhan Mantri Jan Dhan Yojana Security and Privacy pertaining to digital payments in India Requirements and Compliance Guidelines for Merchants Trends and Future Outlook Conclusion FAQs What is the regulatory framework for digital payments in India? What are the security and privacy regulations for digital payments in India? What are the future prospects for digital payments in India? Another question that arises is – Are digital wallets safe? The government’s quest toward a cashless economy has resulted in the creation of a strong regulatory framework to safeguard the safety and security of digital transactions. This has helped the digital payment industry. The Reserve Bank of India (“RBI”) is the major regulatory organization in India in charge of supervising digital payments in India. The RBI has set several recommendations and regulations for digital payments, including Know Your Customer (“KYC”) standards, two-factor authentication, and transaction amount restrictions. The government has also launched several measures to encourage the usage of digital payments, such as the Digital India campaign and the launch of the BHIM app. Incentives such as rebates and discounts have also been given to encourage people to use digital payment methods. Digital Payment Regulations in India Various regulatory authorities in India control the digital payment industry, including the RBI, the NPCI, and the Ministry of Electronics and Information Technology (“MeitY”). Reserve Bank of India and National Payments Corporation of India The RBI regulates and supervises digital payment systems in India, such as electronic cash transfers, prepaid payment instruments, and card payments. It offers rules and regulations concerning digital payment system security, risk management, client protection, and other factors. The NPCI operates and manages payment systems such as UPI, Immediate Payment Service (“IMPS”), and Bharat Bill Payment System (“BBPS”). It is in charge of the creation and operation of these systems, as well as assuring their efficiency and security and resolving any payment-related issues. Payment and Settlement Systems Act, 2007 All digital payments in India, including those made using mobile wallets, prepaid cards, and online platforms, are governed under the Payment and Settlement Systems Act, 2007. The act creates a framework for oversight and monitoring of digital payment service providers, as well as standards for client protection and dispute resolution. It also authorizes and supervises payment system operators, as well as issues regulations to ensure the safety and efficiency of the digital payments industry. Ministry of Electronics and Information Technology MeitY is in charge of developing the country’s digital infrastructure, which includes e-governance, digital literacy, and digital payments. It collaborates with other regulatory bodies and industry stakeholders to promote digital payment system adoption in India. Pradhan Mantri Jan Dhan Yojana With the introduction of new payment systems and the execution of various initiatives to promote digital payments, India’s legislative framework for digital payments has undergone considerable changes in recent years. To improve financial inclusion and promote the usage of digital payments, the government has established many projects, including Digital India and the Pradhan Mantri Jan Dhan Yojana (“PMJDY”). The Indian government’s implementation of e-RUPI, a cashless and contactless digital payment option, is intended to improve the effectiveness of Direct Benefit Transfer (“DBT”) in the country. These initiatives have built a solid ecosystem for digital finance, paving the way for a cashless economy. Overall, India’s regulatory environment for digital payments is strong and expanding, with a focus on maintaining security, protecting customers, and encouraging innovation and the use of digital payment systems. Security and Privacy pertaining to digital payments in India In India, security and privacy are critical features of digital payments. The RBI has issued guidelines for digital payment security, including the adoption of two-factor authentication and encryption for sensitive data. Furthermore, the Draft Digital Personal Data Protection Bill, 2022 seeks to govern the collection, storage, and use of personal data by companies involved in digital payments. In addition, the government released the National Cyber Security Policy 2013, which aims to defend key information infrastructure from cyber threats. Despite these precautions, data breaches, phishing attempts, and identity theft continue to be a problem for digital payments in India. Consumers must be aware of these risks and take the required safeguards, such as using secure payment methods and monitoring their transaction history regularly. Requirements and Compliance Guidelines for Merchants To maintain the security of cardholder data during digital transactions, merchants in India must adhere to the Payment Card Industry Data Security Standards (“PCI DSS”). The PCI DSS framework requires merchants to establish a secure network, keep cardholder data secure, monitor and test security systems regularly, and maintain an information security policy. Merchants must also follow the RBI’s KYC standards, which require them to verify the name and address of their clients before onboarding them. Compliance with these principles protects merchants from fraud and data breaches while also increasing customer confidence in the digital payment system. Trends and Future Outlook The digital payments landscape in India is expected to continue its growth trajectory in the coming years. With initiatives such as the UPI, BharatQR, and the adoption of digital wallets in India, the usage of digital payments is likely to increase further. The COVID-19 pandemic has also accelerated the shift towards digital payments, as people increasingly avoid physical contact with cash. In terms of future outlook, there is a growing interest in using emerging technologies such as blockchain and artificial intelligence to enhance the security and efficiency of digital payments. The government is also expected to continue its focus on promoting digital payments through various initiatives and policies. Overall, the future of digital payments in India looks promising, with the potential to transform the payments landscape and drive financial inclusion. Conclusion Digital payments have developed as a significant force in India’s economy, fueled by the government’s push toward a cashless economy and technology improvements. The legislative environment for digital payments in India has been constantly expanding to keep up with the changing landscape, with the PSS Act providing a solid foundation for assuring security and privacy. To ensure the proper operation of the digital payments industry, merchants must follow certain standards. As India transitions to a more digital economy, the future outlook for digital payments is promising, with the sector likely to grow at a rapid pace. The implementation of new technologies like UPI and e-RUPI, as well as the increasing penetration of smartphones and internet connectivity, will continue to promote the expansion of digital payments. The transition to a cashless economy is expected to speed up in the next years, delivering more ease and financial inclusion to millions of Indians. 2. Case Study Question: Choose a recent regulatory update or guideline issued by the Reserve Bank of India (RBI) pertaining to digital payments. Summarize the key provisions and objectives of the guideline and discuss its implications for various stakeholders, including banks, payment service providers, merchants, and consumers. Analyze how this regulatory update aligns with the broader goals of financial inclusion, consumer protection, and promoting a cashless economy. Finally, assess the potential challenges and opportunities arising from the implementation of this guideline for the digital payments ecosystem in India. answer:1. Foreword 1.1 Payment systems foster economic development and financial stability as well as support financial inclusion. Ensuring safe, secure, reliable, accessible, affordable and efficient payment systems has been one of the important strategic objectives and goals of the Reserve Bank of India (RBI). Towards the pursuit of these objectives, India has developed one of the most modern payment systems in the world, be they large value, retail or fast. The past decade has witnessed the blossoming of quite a few payment systems, all for the convenience of common man with enhanced level of confidence through various safety and security measures. The role of RBI has transformed from being a regulator, operator and facilitator to creator of an environment for the structured development of the payments ecosystem in India. Payments Vision documents of RBI have been providing the strategic direction and implementation plan for this development since 2001. 1.2 The dynamic and accelerated development of the payments ecosystem in India, facilitated by increased adoption of technology and innovation, has established the country as a force to reckon with in the global payments space, in terms of not only growth in digital payments but also availability of a bouquet of safe, secure, innovative and efficient payment systems. Over 26 crore digital payment transactions are processed daily by our payment systems, of which Unified Payments Interface (UPI) system itself processes more than two-thirds. 1.3 Induced by the CoVID pandemic, the industry and society in general have been undergoing a major behavioral transformation towards making / accepting / facilitating digital payments, though the goal of covering every citizen through complete migration remains afar. BigTech and FinTech companies are actively expanding their scope of business from initial onboarding of customers for facilitating payment transactions to becoming participants of payment systems and thereafter providing a host of financial services. Further, data generated across economic sectors / regions, especially those concerning financial sector, is being largely viewed and recognised as the new business energy source and accordingly, there are regulations in place / envisaged for data protection and privacy. As is common knowledge by now, India has mandated local storage of payments data and is also in the process of legislating its own data protection law. 1.4 Steps have been initiated to digitally enable all mobile phone users (both smart phone and feature phone users) as well as securing offline and online card transactions and the transactions involving standing instructions by the users; further work needs to be undertaken for their effective implementation. Efforts have also been initiated towards bringing critical payment intermediaries into the formal regulated / supervised framework. The directions issued for Payment Aggregators (PAs) are a step in this direction. Initiatives are also on to up the payments acceptance infrastructure. 1.5 These activities have brought new challenges to the fore in terms of onboarding and retaining of customers into the digital payments fold by the stakeholders; providing low or no cost payment options to users, merchants included; fulfilling the demand of all stakeholders in terms of speed, efficiency and availability of payment services every time and from / to everywhere; facilitating availability of customer friendly dispute resolution and grievance redressal mechanisms; providing protection for mitigating the risks of losses on account of frauds, putting in place safe practices for protection of personal data, etc. The requirement for ensuring information security in a trusted environment in the payment industry cannot be undermined. 1.6 The current Vision document builds on the Payments Vision 2019-21 document and outlines the thought process for the period up to December 2025. It needs to be appreciated that initiatives would also emerge from evolving situation and may not necessarily be constrained by what the Payments Vision documents. For instance, recent developments in terms of (a) establishment of Reserve Bank Innovation Hub; (b) framework for security of card transactions like switch on / off facility; (c) guidelines on limiting customer liability in case of unauthorised transactions using Prepaid Payment Instruments (PPIs); (d) enabling Online Dispute Resolution (ODR) for digital payments; (e) review of scope and coverage of system audit of Payment System Operators (PSOs); (f) streamlining of Quick Response (QR) code infrastructure; (g) perpetual validity for Certificate of Authorisation of PSOs; (h) construction of RBI Digital Payments Index (DPI); etc., were in addition to the remit from the Payments Vision 2019-21 document. 1.7 Customer centricity is always paramount in every initiative of the Reserve Bank with multiple efforts in this direction; and this increases with growing customer confidence. And every initiative has been acknowledged, accepted and appreciated by increase in user onboarding and transaction volumes. 1.8 India is the world’s largest recipient of in-bound remittances. Enhanced interest evinced by major countries across the globe in India’s UPI could accelerate growth in trade and commerce with partnering countries while reducing speed and cost of remittances. With India outbound tourists exploding, proliferation of India’s payment products abroad would provide seamless experience to Indian travelers. 1.9 As we embark upon the journey of realising Payments Vision 2025, the steps taken so far towards enhanced outreach, customer centricity, cyber security and digital deepening would be further consolidated and built upon through the five pillars of integrity, inclusion, innovation, institutionalisation and internationalisation. These measures are expected to propel our payment systems further and surpass their potential at the national and international levels. Payments Vision 2025 leverages India’s efforts and builds on the focus of G-20 to enhance cross-border payments by addressing the four key challenges of cost, speed, access and transparency. Given the dynamic space of payment systems in the financial services space, efforts shall be conditioned by developments and readiness of the ecosystem to accept and further these initiatives. 2. Achievements of Payments Vision 2019-21 2.1 The Payments Vision 2021 had envisaged to empower every Indian with access to a bouquet of e-payment options that is safe, secure, convenient, quick and affordable, and had set four goalposts of Competition, Cost, Convenience and Confidence with 36 specific action points and 12 expected outcomes. 2.2 These goalposts have been accomplished through the following initiatives – Creation of regulatory sandbox, opening access of Centralised Payment Systems (CPS) to non-bank PSOs, facilitation of small value digital payments in offline mode, ‘on tap’ authorisation for payment systems, internationalisation of domestic payment systems, feature phone-based payment services, framework for self-regulatory organisation for payment systems, etc. (Competition). Waiver of charges levied by RBI for transactions processed in the Real Time Gross Settlement (RTGS) and National Electronic Funds Transfer (NEFT) systems, waiver of charges for savings bank account customers for online transactions in NEFT, review of Automated Teller Machine (ATM) interchange fee and customer charges, implementation of Payments Infrastructure Development Fund (PIDF) Scheme; increasing Legal Entity Identifier (LEI) usage for large value cross-border and domestic payments, framework for regulation of PAs, etc. (Cost). Availability of NEFT, RTGS and National Automated Clearing House (NACH) on 24x7x365 basis, harmonisation of Turn-Around-Time (TAT) for resolution and compensation in respect of failed transactions, e-mandates for recurring transactions using cards / PPIs / UPI, relaxation of Additional Factor of Authentication (AFA) requirements for small value card present transactions, increase in limits for contactless transactions, setting up a 24x7 helpline for digital payment services, etc. (Convenience). Framework for regulating Payment Aggregators (PAs), e-mandates for recurring transactions, tokenisation of card transactions and Card-on-File Tokenisation (CoFT), setting up of Centralised Payments Fraud Information Registry (CPFIR), geo-tagging of payment system touch points, framework for outsourcing of payment and settlement-related activities by PSOs, etc. (Confidence). 2.3 JAM (Jan Dhan, Aadhaar and Mobile) trinity, which is a fusion of sovereign initiatives in the form of Jan Dhan and Aadhaar, along with low-cost mobile and data have been key enablers for the growth and steep trajectory of digital payments in the country. Given that there are more than 131 crore Aadhaar card holders, there has been facilitation of the fold of digital payments by Direct Benefit Transfers (Government to Person or G2P payments) through the Aadhaar Payment Bridge System (APBS). This has also resulted in significant growth in Aadhaar-enabled Payment System (AePS) through the Business Correspondent assisted model for facilitating digital payments using micro-ATMs. The increase in mobile phone consumer base with about 114 crore mobile users (TRAI, February 2022), of which about 84 crore (Statista, 2021) have smart phones, has facilitated digital payments through technology driven platforms for mobile banking (banks), mobile wallets (dominance of private entities) and USSD based payments as well as UPI based payments (through UPI123Pay) for feature phone users. 2.4 Adoption of digital payments was growing before onset of CoVID pandemic, but the steps taken by Reserve Bank along with additional thrust provided by the pandemic have accelerated the shift, leading to a dramatic increase in contactless and online payments. For all organisations that rely on or are in the payments ecosystem, effective digital payments strategy and operations are fundamental. The contactless nature of the digital modes – enabled by innovative technologies and regulatory flexibility – has given crores of Indians a choice to practice social distancing while making payments. Another significant trend is the entry of small businesses into digital payments. Data shows an increase of more than 500% in merchants accepting digital modes of payments during the half-year ended September 2021 as compared to half-year ended March 2019; in case of UPI alone, there is an increase of more than 1200% over the same period. There has also been a significant rise in deployment of payment touch points driven by the implementation of PIDF. 2.5 Digital payments are not simply about technology. For consumers, adoption of digital payment depends upon their lifestyle and how comfortable they are transacting digitally / online. The data shows that there has been increase in unique users of mobile banking and internet banking by 99% and 18%, respectively, between March 2019 and September 2021. 2.6 Total digital payments have increased by 216% and 10% in terms of volume and value, respectively, for the month of March 2022 when compared to March 2019. On the other hand, usage of paper instruments has come down significantly during the same period, with its share in total retail payments registering a decline from 3.83% to 0.88% in terms of volume and from 19.62% to 11.47% in terms of value. Of the digital payments, UPI, IMPS and PPI transactions registered CAGR of 104%, 39% and 13% respectively during the vision period. However, debit card transactions at PoS decreased by CAGR of 3.7%, mainly due to the lockdown restrictions imposed during the pandemic. 2.7 It is also seen that the user experience has changed with the use of debit cards for payments than for cash withdrawals, online transactions competing favourably with offline (or card present), and small or large value transactions being undertaken through digital means. 3. Payments Vision 2025 Core Theme E-Payments for Everyone, Everywhere, Everytime (4 Es) Vision – Provide every user with Safe, Secure, Fast, Convenient, Accessible, and Affordable e-payment options (6 Attributes) 3.1 The journey of payment systems in India has been phenomenal in the recent couple of years. The Payments Vision 2025 promises to further elevate our payment systems towards a realm of empowering users with affordable payment options accessible anytime and anywhere with convenience. As this journey towards less-cash and less-card society unfolds, concomitant expansion in the basket of digital payment options with credence and confidence would ensure sustenance of Reserve Bank’s approach of facilitating users with a seamless digital payment experience. This will also reinforce India’s position as the global leader in digital payments domain. Considering the current geo-political developments across the world, the Payments Vision 2025 document also seeks to address the potential risks arising out of any adverse situation that may arise. 3.2 The Payments Vision 2025 document is presented across the five anchor goalposts of Integrity, Inclusion, Innovation, Institutionalisation and Internationalisation. Resilience to operational and security concerns would continue to be at the heart to withstand and recover from the evolving threat landscape. Integrity of payment systems shall be non-negotiable for buttressing customer confidence. With the change / shift in customer behaviour towards embracing digital and touchless modes of payments, partly due to the CoVID, there is a spike of 50% in mobile banking users, indicating inclusion of first-time users into the digital fold. The challenge to make this an irreversible shift, eventually seeking convenient and tailored payment solutions, would be pursued. 3.3 Inclusion would be promoted through collection and publication of disaggregated payment data leading to policy enhancements, where required; customer awareness transcending geographies, participant members and customer segments; identifying spatial penetration of digital payment acceptance infrastructure across states / districts; reviewing the scope of PIDF Scheme, etc. To further spur innovation, UPI like system for cards and an enabling framework for Internet of Things (IoT) based payments would be explored. 3.4 It is also considered opportune to showcase India’s achievements at the international fora. Increased involvement in discussions of global standard-setting bodies, including interlinkage with fast payment systems of other jurisdictions with focus on adjoining corridors, will be furthered; this could also be expected to improve trade and commerce and reduce cost and time for remittances. Higher adoption of digital payments and associated less-cash outcome is expected to reduce costs associated with usage of cash or near-cash substitutes. This would enhance the share of digital payments to GDP and contribute towards improved transparency in transactions. 3.5 A snapshot of the specific initiatives, including discussions on different dimensions, that are planned as part of Payments Vision 2025 document is tabulated below. Goalposts for Payments Vision 2025 Integrity Inclusion Innovation Institutionalisation Internationalisation Weave in alternate authentication mechanism(s) for digital payment transactions (para 4.1.1) Enable geo-tagging of digital payment infrastructure and transactions (para 4.2.1) Facilitate framework for IoT and context-based payments (para 4.3.1) Comprehensive review of legislative aspects of PSS Act provisions and regulations (para 4.4.1) Global outreach of RTGS, NEFT, UPI and RuPay cards (para 4.5.1) Broaden scope, usage and relevance of LEI in all payment activities (para 4.1.2) Revisit guidelines for PPIs including closed system PPIs (para 4.2.2) Migrate all RBI-operated payment system messages to ISO 20022 standard (para 4.3.2) Constitute a Payments Advisory Council (PAC) to assist Board for Regulation and Supervision of Payment and Settlement Systems (BPSS) (para 4.4.2) Expand SFMS, InFiNet frameworks across jurisdictions (para 4.5.2) Expand interoperability to contactless transit card payments in offline mode (para 4.1.3) Consider framework for regulation of all significant intermediaries in payments ecosystem (para 4.2.3) Link credit cards and credit components of banking products to UPI (para 4.3.3) Operationalise National Card Switch for card transactions at PoS and resultant settlements (para 4.4.3) Two Factor Authentication (2FA) for cross-border card transactions (para 4.5.3) Enhance scalability and resilience of payment systems (para 4.1.4) Bring in enhancements to Cheque Truncation System (CTS), including One Nation One Grid clearing and settlement perspective (para 4.2.4) Create payment system for processing online merchant payments using internet / mobile banking (para 4.3.4) Active engagement and involvement in international fora (discussions of standard-setting bodies) (para 4.4.4) Seek inclusion of INR in Continuous Linked Settlement (CLS) (para 4.5.4) Leverage ODR system for fraud monitoring and reporting (para 4.1.5) Extend Internal Ombudsman Scheme to all PSOs (para 4.2.5) Organise payment innovation contests & hackathons (para 4.3.5) Bring further efficiencies in payment processing and settlements on introduction of Central Bank Digital Currencies (CBDCs) – Domestic and Cross-Border (para 4.5.5) Provide enhancements to CPFIR (para 4.1.6) Support increase in market trading and settlement hours (para 4.2.6) Review need for multiple payment identifiers (para 4.3.6) Provide payee name look-up for fund transfers (para 4.1.7) Upscale customer outreach and awareness activities (para 4.2.7) Explore guidelines on payments involving Buy Now Pay Later (BNPL) services (para 4.3.7) Increase proportionate oversight of PSOs (para 4.1.8) Revisit scope and usefulness of PIDF scheme (para 4.2.8) Include assessment of RTGS & NEFT under Principles for Financial Market Infrastructures (PFMIs) (para 4.1.9) Attempt regulation of BigTechs and FinTechs in payments space (para 4.2.9) Explore local processing of payment transactions (para 4.1.10) Continue endeavour to collect and publish granular, disaggregated payment systems data (para 4.2.10) Study creation of Digital Payments Protection Fund (DPPF) (para 4.1.11) Make payment systems more inclusive (para 4.2.11) Undertake evaluation of charges for all payment systems (para 4.2.12) Coordinate migration of government receipts and payments to digital mode (para 4.2.13) 3.6 Various initiatives proposed under the above five goalposts shall have the following ten expected outcomes during the Vision period: Volume of cheque-based payments to be less than 0.25% of the total retail payments; More than 3x increase in number of digital payment transactions; UPI to register average annualised growth of 50% and IMPS / NEFT at 20%; Increase of payment transaction turnover vis-à-vis GDP to 8; Increase in debit card transactions at PoS by 20%; Debit card usage to surpass credit cards in terms of value; Increase in PPI transactions by 150%; Card acceptance infrastructure to increase to 250 lakh; Increase of registered customer base for mobile based transactions by 50% CAGR; and Reduction in Cash in Circulation (CIC) as a percentage of GDP. 4. Specific Initiatives 4.1 INTEGRITY 4.1.1 WEAVE IN ALTERNATIVE AUTHENTICATION MECHANISM(S) FOR DIGITAL PAYMENT TRANSACTIONS AFA or 2FA has generally been prescribed by Reserve Bank for all payment transactions. Though the form factor of AFA has not been specified, SMS based OTP has become a go-to AFA. Considering emerging concerns with OTP-based authentication in terms of increasing cases of phishing / vishing / smishing modes for divulgence of customer confidential details, alternate risk-based authentication mechanisms leveraging behavioral biometrics, location / historical payments, digital tokens, in-app notifications, etc., shall be explored. 4.1.2 BROADEN SCOPE, USAGE AND RELEVANCE OF LEI IN ALL PAYMENT ACTIVITIES Encouraging the use of LEI in payment systems facilitates faster tracking of payments, unique identification of parties involved, ensures greater precision and transparency and helps in the adoption of a single identity for an entity across multiple applications. Aspects of speed and transparency, enumerated in G20 Roadmap for enhancing cross-border payments, shall also thereby get addressed. The use of LEI in areas like sanctions screening, Know Your Customer (KYC), corporate invoice reconciliation, fraud detection, etc. shall be explored. 4.1.3 EXPAND INTER-OPERABILITY TO CONTACTLESS TRANSIT CARD PAYMENTS IN OFFLINE MODE Contactless payments in offline mode were permitted with the launch of National Common Mobility Card (NCMC). The feature of tap-and-go offline payment was initially permitted for transit payments, considering the requirement of fast check out time for transit payments and it was later in January 2022 extended to retail payments. The standards for NCMC, developed by NPCI, made use of the qSPARC specifications for contactless payments. The possibility of interoperability for contactless transit card payments in offline mode shall be explored to facilitate seamless travel with a single payment instrument usable across different transit operators. 4.1.4 ENHANCE SCALABILITY AND RESILIENCE OF PAYMENT SYSTEMS 4.1.4.1 Reserve Bank has issued directions for Central Counterparties (CCPs) in October 2018 and June 2019 regarding governance, net-worth requirements, ownership and recognised Foreign CCPs. RBI shall undertake a comprehensive review of these directions so that the governance standards, including appointment, reappointment, fit and proper criteria of directors, are aligned at par with banks. Efforts shall be made to consolidate all instructions issued to CCPs. 4.1.4.2 Settlement of various payment systems in central bank money is undertaken in both e-Kuber (the core accounting system of the RBI) and RTGS, ensuring mitigation of settlement risk. To facilitate efficient liquidity management for members, RBI shall explore developing a system of liquidity bridge for seamless transfer of funds from one system to another automatically without intervention of members. 4.1.4.3 NEFT system is available round the clock throughout the year. NEFT is presently operated in batches at half-hourly intervals throughout the day. To further reduce the settlement risk as also to improve efficiency by making the payments near-real time, the frequency of batches in NEFT shall be reviewed and increased. 4.1.5 LEVERAGE ODR SYSTEM FOR FRAUD MONITORING AND REPORTING The Master Direction on Digital Payment Security Controls dated February 18, 2021, issued by Reserve Bank, mandated the Regulated Entities (REs) to provide a mechanism on their mobile and internet banking application for customers to identify / mark a transaction as fraudulent for seamless and immediate notification to the issuer RE. On such notification, the REs may endeavour to build the capability for seamless / instant reporting of fraudulent transactions to the corresponding beneficiary / counterparty’s RE. Implementation of this instruction requires a central agency to facilitate such routing of messages to the beneficiary REs. Till the time this feature is built in as part of CPFIR, the feasibility of leveraging ODR system for the same shall be examined. 4.1.6 PROVIDE ENHANCEMENTS TO CPFIR 4.1.6.1 The CPFIR has been set-up and operational since March 2020. Scheduled Commercial Banks and non-bank PPI Issuers use the CPFIR for reporting payment frauds. Access to Urban Co-operative Banks and RRBs shall be examined. Further, enhancements to the CPFIR in terms of creating negative database of fraudulent beneficiaries, analysing modus operandi of fraudsters, publishing reports on trends in payment frauds, etc., shall be considered. 4.1.6.2 To leverage on the payment frauds reported in CPFIR, it is essential to move towards real / near real-time reporting of payment frauds and put in place an integrated platform for all stakeholders (payment system operators and participants – banks and non-banks, law enforcement agencies, etc.) to share information and initiate necessary corrective action to prevent frauds. The Reserve Bank shall engage with the industry and Government to examine the feasibility of integrating CPFIR with other fraud reporting solutions to ensure that a single comprehensive platform is made available for real-time reporting and resolution of payment frauds in the country. 4.1.7 PROVIDE PAYEE NAME LOOK-UP FOR FUND TRANSFERS Presently, the fund transfer payment systems, i.e. RTGS, NEFT, IMPS and UPI provide for a system of positive confirmation whereby the sender is also intimated about the credit to the beneficiary. Of these, only UPI has a facility for the payer to check and confirm the name of the account holder being paid before making the payment. Over a period, there are complaints about credit to unintended beneficiary due to inadvertent wrong account number entry. Hence, introduction of payee name look-up, a service for checking the beneficiary’s actual name shall be explored for other funds transfer systems such as RTGS, NEFT, IMPS, etc. 4.1.8 INCREASE PROPORTIONATE OVERSIGHT OF PSOs The card networks and cross-border money transfer (in-bound service) operators are presently supervised through submission of off-site returns. Requirement of on-site inspection of such entities shall be explored and, to start with, the need for an onsite visit shall be examined encompassing interaction with the executives of the entities as well as the overseas regulators. 4.1.9 INCLUDE ASSESSMENT OF RTGS AND NEFT UNDER PFMIs RBI has adopted the PFMIs, published jointly by the Committee on Payments and Market Infrastructures (CPMI) and the International Organisation of Securities Commissions, through its policy document “Regulation and Supervision of FMIs regulated by RBI”. Accordingly, all RBI authorised payment systems declared as systemically important payment system / system wide important payment system and Securities Settlement Systems, CCPs, Central Securities Depositories and Trade Repositories are expected to comply with the PFMI standards. The assessment of RTGS and NEFT, owned and operated by RBI, shall be carried out periodically under the PFMI standards and published. 4.1.10 EXPLORE LOCAL PROCESSING OF PAYMENT TRANSACTIONS Presently guidelines are in place for domestic storage of payments data. Banks and non-bank PSOs are allowed to process payment transactions abroad subject to certain conditions. Keeping in view the emerging geo-political risks, options shall be explored to ring-fence domestic payment systems, including the need to mandate domestic processing of payment transactions. 4.1.11 STUDY CREATION OF DIGITAL PAYMENTS PROTECTION FUND (DPPF) With the growing adoption of digital payment modes, there is rise in digital payment frauds. Inspite of the efforts of stakeholders, recovery rate of defrauded amounts is not very encouraging. With an aim to provide a security cover to defrauded customers / issuers of payment instruments, a study on scope / feasibility of creation of DPPF shall be undertaken. 4.2 INCLUSION 4.2.1 ENABLE GEO-TAGGING OF DIGITAL PAYMENT INFRASTRUCTURE AND TRANSACTIONS A framework for geo-tagging of payment system touch points has been prescribed and Reserve Bank has commenced collection of location information, including geo-coordinates, of payment acceptance infrastructure across the country. To measure the extent of digital payment penetration across various states / districts / areas within the country and undertake targeted interventions as well as to enhance fraud monitoring and dispute resolution by PSOs and participants, RBI shall examine the desirability and feasibility of geo-tagging of payment transactions keeping in view the customer privacy concerns. 4.2.2 REVISIT GUIDELINES FOR PPIs INCLUDING CLOSED SYSTEM PPIs PPI have always been an evolving area and there are multiple players involved with a variety of business models that issue and operate PPIs – for usage within a closed group of merchants or open for wide usage. A PPI could be viewed as a payment instrument intended to shift customer preference from cash to digital. While the digital payment transactions using PPIs is growing, RBI shall continue to develop a conducive framework for long term growth of PPIs with enhanced security of transactions. A comprehensive review of the different types of PPIs including timeline for full-KYC PPIs, definition of closed system PPIs, and the related aspects, shall be undertaken. 4.2.3 CONSIDER FRAMEWORK FOR REGULATION OF ALL SIGNIFICANT INTERMEDIARIES IN PAYMENTS ECOSYSTEM Innovation in payment processing and fund transfers have seen the rise of intermediaries that facilitate payments between payers and recipients. They eliminate many frictions and provide value added services to the participants of payment industry. Uniformity in implementation of user onboarding processes and transparency in operations of such intermediaries is found wanting. At present, RBI has issued instructions for regulating the activities of online PAs, while providing baseline technology-related recommendations to Payment Gateways (PGs). The need to bring all significant payment intermediaries, including offline PAs, under direct regulation of RBI shall be considered. 4.2.4 BRING IN ENHANCEMENTS TO CTS, INCLUDING ONE NATION ONE GRID CLEARING AND SETTLEMENT PERSPECTIVE 4.2.4.1 To promote efficient cheque processing, measures shall be taken to migrate from the current architecture of three regional grids to ‘One Nation, One Grid’. This is also expected to improve cost effectiveness and make the related regulations simpler. 4.2.4.2 The current approach of batch processing of presentation and return sessions for clearing and settlement of cheques shall be migrated to ‘on-realisation-settlement’ model, wherein the processing shall be continuous. This is expected to reduce the settlement risk, provide larger time window for the banks to present the instruments and enable faster realisation of funds for the customers. 4.2.5 EXTEND INTERNAL OMBUDSMAN SCHEME TO ALL PSOs As a part of confidence building measure and safeguarding the interests of customers, the Internal Ombudsman Scheme was institutionalised in 2019 for the large non-bank PPI Issuers having more than one crore outstanding PPIs in terms of numbers. The Scheme provides for a swift, efficient and effective complaint redressal mechanism within the entity itself by an independent authority placed at the apex level in the entity’s grievance redressal mechanism so as to minimise the need for the customers to approach other fora for redressal. With the positive experience gained so far, measures shall be taken to bring all the authorised PSOs under this Scheme. 4.2.6 SUPPORT INCREASE IN MARKET TRADING AND SETTLEMENT HOURS The money market and capital market currently operate at fixed hours. However, the RTGS and NEFT payment systems which enable settlements in these markets, operate on a 24x7 basis. With a view to leverage the availability of payment systems on 24x7x365 basis, extension of trading hours of these markets to enable longer market availability for trading and settlement shall be facilitated, in conjunction with the concerned market departments of the Reserve Bank. This shall enhance efficiency and further price discovery in these markets. 4.2.7 UPSCALE CUSTOMER OUTREACH AND AWARENESS ACTIVITIES Reserve Bank has been actively taking measures to enhance customer awareness through its electronic-Banking Awareness And Training (eBAAT) programmes and organising campaigns on safe use of digital payment modes through various media channels. Of late, cyber-crimes related to payments have been on a rise, calling for stepping up of the customer awareness campaigns. The existing e-BAAT programmes shall be ramped up to promote awareness using all possible traditional channels at bank branch level and other channels including social media. The training approach shall be shifted from passive and mass communication to customised and user specific delivery channel. The scope of public awareness campaigns under the “RBI Says” tag shall be widened to cover different payment systems and their effectiveness shall be gauged through the outcomes of customer surveys conducted on a periodic basis. 4.2.8 REVISIT SCOPE AND USEFULNESS OF PIDF SCHEME Currently, PIDF Scheme subsidises deployment of PoS infrastructure (physical and digital modes) in tier-3 to tier-6 centres and north-eastern states of the country. Beneficiaries of PM Street Vendor’s AtmaNirbhar Nidhi (PM SVANidhi Scheme) in tier-1 and tier-2 centres are also covered. Post the successful roll-out of geo-tagging of payment system touch points, scope of the Scheme shall further be reviewed for continuation and, if necessary, to cover more regions and merchant categories for targeted expansion of acceptance infrastructure. 4.2.9 ATTEMPT REGULATION OF BIGTECHS AND FINTECHS IN PAYMENTS SPACE BigTechs and FinTechs play an invigorating role in onboarding new users and customising payment experience. Given their increasingly dominant role in payments ecosystem, a discussion paper on the need for proportionate regulation by the Reserve Bank encompassing domestic incorporation, reporting, data use, etc., shall be published. 4.2.10 CONTINUE ENDEAVOUR TO COLLECT AND PUBLISH GRANULAR, DISAGGREGATED PAYMENT SYSTEMS DATA The Reserve Bank publishes granular data on payment system indicators covering payment transactions, usage of different channels for undertaking payments and availability of payment acceptance infrastructure. Not only is payment systems data disseminated daily but the lag in publishing of granular data on a monthly / quarterly basis has also been largely brought down. To encourage research and facilitate analysis of in-depth trends in payments as well as assess the extent of financial inclusion across the country, collection and publication of disaggregated data on payment systems shall be facilitated. 4.2.11 MAKE PAYMENT SYSTEMS MORE INCLUSIVE The Reserve Bank has been at the forefront of expanding the reach of digital payments to different strata of population. Differently-abled persons, including those with visual impairments, might be facing issues while transacting digitally. To help obviate the difficulties faced by them, the Reserve Bank shall examine the feasibility of implementing suitable policy initiatives, including standardisation of most used icons, text-to-voice features, etc. 4.2.12 UNDERTAKE EVALUATION OF CHARGES FOR ALL PAYMENT SYSTEMS Providing digital payment services entail costs, which are borne by one or more of the payment system participants (switching fees, interchange fees, etc.) or are passed on to the merchant (Merchant Discount Rate) or the customer (customer charges). While collecting charges from the merchants and / or customers may be required for viability of digital payments, care needs to be taken to ensure that they are reasonable and do not deter digital payments adoption. A comprehensive review of all aspects related to charges involved in various channels of digital payments shall be undertaken. 4.2.13 CO-ORDINATE MIGRATION OF GOVERNMENT RECEIPTS AND PAYMENTS TO DIGITAL MODE The APBS operated by NPCI has been helping the Government(s) and Government agencies in successfully channelising the Government subsidies to the intended beneficiaries as part of the Direct Benefit Transfer Scheme. The APBS links the Government Departments and their sponsor banks on one side and beneficiary banks and beneficiaries on the other. To migrate all the government receipts and payments to digital mode, Reserve Bank shall coordinate with the central and state governments to integrate their payment platforms with the Reserve Bank’s eKuber. 4.3 INNOVATION 4.3.1 FACILITATE FRAMEWORK FOR IOT AND CONTEXT-BASED PAYMENTS IoT devices are increasingly becoming a part of, as well as revolutionising, the payments landscape. An IoT enabled payment system could help consumers pay for a range of goods and services through connected devices beyond just phones or tablets. With a view to promoting growth of this segment and at the same time protect customer interests, an enabling framework on IoT-based payments covering aspects of data security, authentication, identity validation, etc. shall be facilitated. 4.3.2 MIGRATE ALL RBI OPERATED PAYMENT SYSTEM MESSAGES TO ISO 20022 STANDARD Messages provide a common set of rules for exchanging critical information for a payment transaction to take place. Payment System Operators across the world have embarked on a journey to implement ISO 20022. This standard brings significant benefits – enables straight-through processing with less need for manual intervention, allows switching between payment systems and re-routing of messages which could reduce the impact of outages on users, provides richer data enabling better compliance and regulation as well as making it easier for businesses to detect fraud and help target financial crime, facilitates better analytics and more efficient reconciliation, promotes international harmonisation supporting cross-border payments, etc. To unlock these benefits and ensure greater interoperability including with systems of other jurisdictions, steps shall be taken to migrate all the RBI-operated payment messaging systems to ISO 20022 standard. 4.3.3 LINK CREDIT CARDS AND CREDIT COMPONENTS OF BANKING PRODUCTS TO UPI UPI transactions have been growing by leaps and bounds at the cost of other retail payments, especially card transactions. One of the reasons for its popularity is the convenience and seamless experience it offers to users. Currently, a UPI user can only link the bank account (savings / current account) and the debit card to the UPI Virtual Payment Address (VPA). To offer more avenues and greater convenience to users in making payments through UPI platform, feasibility of linkage of credit cards and credit components of banking products to UPI shall be explored. 4.3.4 CREATE PAYMENT SYSTEM FOR PROCESSING ONLINE MERCHANT PAYMENTS USING INTERNET / MOBILE BANKING All merchant payment transactions done using internet / mobile banking are presently processed through payment gateways / payment aggregators. As this practice entails delays in merchant settlements, a framework shall be introduced such that all these transactions are also processed through a payment system. 4.3.5 ORGANISE PAYMENT INNOVATION CONTESTS AND HACKATHONS Innovation is making payments increasingly convenient, instantaneous and ubiquitous. In the wake of success of the RBI’s first global hackathon – “HARBINGER 2021 – Innovation for Transformation”, efforts shall be continued towards organising national / international payment hackathons, competitions and conferences to foster innovation and exchange of ideas. 4.3.6 REVIEW NEED FOR MULTIPLE PAYMENT IDENTIFIERS Funds transfer through RTGS, NEFT and IMPS requires the beneficiary bank account number and Indian Financial System Code (IFSC) as identifiers. As bank account numbers in each bank are unique, funds transfer could be facilitated without the IFSC of the beneficiary branch. The need for IFSC to make funds transfer shall be reviewed and alternative options with suitable provision for collecting beneficiary bank details shall be explored to make funds transfer simpler and hassle-free for customers. 4.3.7 EXPLORE GUIDELINES ON PAYMENTS INVOLVING BNPL SERVICES BNPL services have developed into a new payment mode alongside the existing payment modes like cards, UPI, and net banking. This channel, facilitated by a few payment aggregators, leverages the existing nodal account (escrow account after authorisation) to route payments between BNPL customer and a merchant. This novel method shall be examined, and issuance of appropriate guidelines on payments involving BNPL shall be explored. 4.4 INSTITUTIONALISATION 4.4.1 COMPREHENSIVE REVIEW OF LEGISLATIVE ASPECTS OF PAYMENT AND SETTLEMENT SYSTEMS ACT PROVISIONS AND REGULATIONS India is one of the few countries with a specific payment systems legislation. Considering the importance of development and orderly functioning of payment systems, the PSS Act was legislated in 2007 when the digital payments ecosystem in India was nascent. Considering the emerging requirements of the highly dynamic and fast evolving payment ecosystem, both domestic and cross-border, Reserve Bank shall endeavour to comprehensively review the PSS Act and the corresponding Regulations. 4.4.2 CONSTITUTE PAYMENTS ADVISORY COUNCIL (PAC) TO ASSIST BPSS To assist the BPSS, a PAC with experts representing consumer groups, payments technology, legal, bankers, fintechs / start-ups, data analysts, etc., shall be constituted. The composition of the PAC shall be reviewed periodically and suitably modified to maintain its relevance. 4.4.3 OPERATIONALISE NATIONAL CARD SWITCH FOR CARD TRANSACTIONS AT PoS AND RESULTANT SETTLEMENTS All ATM transactions are primarily processed through the National Financial Switch (NFS). Presently, while card transactions at ATMs are processed through either the NFS or ATM networks or the concerned card networks, card transactions at PoS terminals are processed only through the concerned card network. To promote competition and thereby bring in more efficiency and innovation in processing of such transactions, the possibility of implementing a National Card Switch to process card transactions at PoS terminals and the resultant settlements shall be examined. 4.4.4 ACTIVE ENGAGEMENT AND INVOLVEMENT IN INTERNATIONAL FORA (DISCUSSIONS OF STANDARD-SETTING BODIES) Reserve Bank also represents India in various international standard setting bodies, viz. Financial Stability Board (FSB), CPMI, etc. relevant to payment systems and actively participates in working groups, task forces, etc. constituted with the aim to enhance the payments ecosystem. With India’s G20 presidency in 2023, RBI shall continue its active participation in such fora and play a leadership role in transforming the payments ecosystem across the globe. 4.5 INTERNATIONALISATION 4.5.1 GLOBAL OUTREACH OF RTGS, NEFT, UPI AND RUPAY CARDS 4.5.1.1 The potential of UPI has been recognised world over by numerous authorities. Reserve Bank shall actively support the global outreach initiatives to expand the footprint of domestic payment systems by collaborating with relevant stakeholders (e.g. Central Banks, BIS, World Bank, other institutions, etc.). 4.5.1.2 The RTGS system presently settles domestic fund transfer transactions on gross basis. The system which runs on ISO 20022 standard, customised to suit domestic requirements, shall be streamlined with the internationally accepted standard for cross-border fund transfers. The feasibility of expanding RTGS to settle transactions in major trade currencies such as USD, Pound, Euro, etc., shall be explored through bi-lateral or multi-lateral arrangements. The arrangements could be expected to provide real time proceeds in foreign currencies to traders and establishing the country as a major centre for international financial trades. 4.5.1.3 In order to access the Reserve Bank operated CPS, an entity is required to maintain a current account and a settlement account with RBI. To facilitate payments to and from other jurisdictions through CPS, the feasibility of other central banks maintaining current account and settlement accounts with RBI in INR (₹) shall be explored. Similarly, RBI shall examine maintaining accounts with other central banks for the purpose of facilitating direct remittances in foreign currencies. This could be expected to increase acceptance of INR in other jurisdictions and making cross-border transactions cost effective and timely. 4.5.1.4 The Indo-Nepal Remittance Facility Scheme was launched by the RBI in May 2008 for cross-border remittances from India to Nepal, using the NEFT system. To boost trade payments between the two countries, as also to facilitate person-to-person remittances electronically to Nepal, ceiling per transaction was increased from ₹ 50,000 to ₹ 2 lakh and the cap of 12 remittances in a year per remitter was removed. Efforts shall be undertaken to extend such remittance facilities to other countries depending on feasibility. 4.5.2 EXPAND SFMS AND INFINET FRAMEWORKS ACROSS JURISDICTIONS The Indian Financial Network (INFINET) is a membership-only Closed User Group network that comprises the RBI, CPS member banks and financial institutions. It provides financial messaging services through its Member Interface application to all RTGS participants. Backed by the communication medium of INFINET, SFMS is the Indian standard for domestic financial messaging for centralised payment systems, viz. NEFT and RTGS, which supports ISO 20022 standard message format for payment systems. The feasibility of providing membership / technology of INFINET to other jurisdictions shall be explored. Further, it shall be explored to expand the framework of SFMS to provide a domestic payment system platform to other jurisdictions. This could be expected to provide faster, convenient and cost-effective direct payment channels with other jurisdictions. 4.5.3 2FA FOR CROSS-BORDER CARD TRANSACTIONS AFA has been a predominant factor in safeguarding domestic payments and giving confidence to users in digital payments. To give a similar experience and increase safety of international transactions done using cards issued in India, implementing AFA for cross-border transactions shall be explored. 4.5.4 SEEK INCLUSION OF INR IN CONTINUOUS LINKED SETTLEMENT (CLS) CLS is an initiative, with settlement in Payment versus Payment (PvP) mode, to address the Herstatt risk associated with the settlement of foreign exchange trades. CLS provides protection for cross-currency settlement in 18 currencies. In India, CCIL participates in CLS as a third-party member acting as an aggregator of trades for its member banks. Internationalisation of domestic currency is gaining importance in recent times with many countries pursuing efforts in this direction. With excellent FMIs already in place and deepening of forex and financial markets, a mechanism for international INR settlement through CLS Bank would help increase global acceptance of INR. RBI shall initiate dialogue for including INR as a currency in CLS. 4.5.5 BRING FURTHER EFFICIENCIES IN PAYMENT PROCESSING AND SETTLEMENTS ON INTRODUCTION OF CBDCs – DOMESTIC AND CROSS-BORDER CBDC has been gaining much traction with 86% of the central banks globally reviewing its feasibility for cross-border transactions as well as for internal benefits (2021 BIS Survey). CBDC is also an area of interest for G20 under its priority initiative to enhance cross-border payments. Reserve Bank is working towards introduction of CBDC in India. Various use cases shall be studied and explored to bring in further efficiencies in domestic and cross-border payment processing and settlement using CBDCs. Acronyms 2FA Two Factor Authentication APBS Aadhaar Payment Bridge System AePS Aadhaar-enabled Payment System AFA Additional Factor of Authentication ATM Automated Teller Machine BIS Bank for International Settlements BNPL Buy Now Pay Later BPSS Board for Regulation and Supervision of Payment and Settlement Systems CAGR Compound Annual Growth Rate CCIL Clearing Corporation of India Limited CCP Central Counter Party CIC Cash in Circulation CLS Continuous Linked Settlement COFT Card-on-File Tokenisation CPFIR Central Payments Fraud Information Registry CPMI Committee on Payments and Market Infrastructures CPS Centralised Payment System DPI Digital Payment Index e-BAAT e-banking awareness & training FMI Financial Market Infrastructure FSB Financial Stability Board GDP Gross Domestic Product IFSC Indian Financial System Code IMPS Immediate Payment Service INFINET Indian Financial Network INR Indian National Rupee IoT Internet of Things ISO International Organisation for Standardisation KYC Know Your Customer LEI Legal Entity Identifier NACH National Automated Clearing House NCMC National Common Mobility Card NEFT National Electronic Funds Transfer NFS National Financial Switch NPCI National Payments Corporation of India ODR Online Dispute Resolution OTP One Time Password PA Payment Aggregator PAC Payments Advisory Council PFMI Principles for Financial Market Infrastructure PG Payment Gateway PIDF Payments Infrastructure Development Fund PoS Point of Sale PPI Prepaid Payment Instrument PSO Payment System Operator PSS Payment and Settlement Systems PvP Payment versus Payment QR Quick Response RBI Reserve Bank of India RE Regulated Entity RTGS Real Time Gross Settlement SFMS Structured Financial Messaging System TAT Turn-Around-Time UPI Unified Payments Interface USSD Unstructured Supplementary Service Data VPA Virtual Payment Address