Security Ecosystem of Digital Wallets


Transcript of Security Ecosystem of Digital Wallets

Page 1: Security Ecosystem of Digital Wallets

Security Ecosystem for Digital Wallets

BY -

SAUMYA VISHNOI

Page 2: Security Ecosystem of Digital Wallets

Who am I? Information Security professional with about 6 years of experience

Ex-PCI QSA

Audited multiple wallet environments

Currently working with a Fintech organization

Page 3: Security Ecosystem of Digital Wallets

Disclaimer

All the information, discussion and views presented in the talk are personal !!!

Page 4: Security Ecosystem of Digital Wallets

What is a Digital Wallet?

Page 5: Security Ecosystem of Digital Wallets

Digital Wallet

A digital application that works like a wallet: you add money into it and then you can spend the money out of it.

Page 7: Security Ecosystem of Digital Wallets

Types of Digital wallet

Closed loop

Semi-open loop

Open loop

Page 8: Security Ecosystem of Digital Wallets

How safe are wallets?

Page 9: Security Ecosystem of Digital Wallets

RBI (Reserve Bank of India)

Page 10: Security Ecosystem of Digital Wallets

Regulatory Controls

• RBI Payment and Settlement Act 2007 (PSS Act)

• RBI PSS Audit – CISA audit – external

• Internal Audit

• AML controls (Anti-Money Laundering)

• Fraud management

• Penalty clause

Basically Risk Management !!!

Page 12: Security Ecosystem of Digital Wallets

PSS Audit – CISA audit – external

• External ISMS audit by a qualified CISA professional

• Submission of the audit report to RBI

• RBI reviews and approves, or sends back with comments

• Once approved, the RBI license is issued

• Internal audit schedule and review

• Audit and risk committee responsibility

• Yearly external audit exercise and report submission to RBI

Page 13: Security Ecosystem of Digital Wallets

AML controls (Anti-Money Laundering)

• Required to be compliant with the Prevention of Money Laundering Act, 2002

• KYC and non-KYC accounts

• Balance limitations

• Regular monitoring for suspicious behavior

• AML training for employees

Page 14: Security Ecosystem of Digital Wallets

Fraud Management

• Establishment of a Fraud team

• Regular monitoring for suspicious behavior

• Assisting law enforcement agencies in investigating fraud incidents

• Blacklisting mechanism

• Blocking/Unblocking accounts

• Customer awareness

Page 15: Security Ecosystem of Digital Wallets

Penalty Clause

• Section 30 of PSS Act – Power of Reserve Bank to impose fine

• Section 31 of PSS Act – Power to compound offences

Nature of offence:

• Breach of provisions of the act

• Non-compliance with directions

• Violations of terms and conditions of authorization

Amount of Penalty – Depends upon the nature of offence, with a minimum of 5 Lakhs

Page 18: Security Ecosystem of Digital Wallets

Trust
