Two-Tier Authorization for ePayments-RTGS
It is the norm of civilization that all key actions should follow the Maker-Checker Concept.
Maker-checker (or Maker and Checker, or 4-Eyes) is one of the central principles of authorization in the Information Systems of financial organizations.
The principle of maker and checker means that each transaction requires at least two individuals for its completion. One individual may create a transaction, and a different individual should confirm or authorize it. Segregation of duties plays an important role here: it minimizes the risk to the individuals as well as to the organizations at large. However, it is observed that the Maker-Checker Concept is not followed in the true sense. This leads to mishaps all around.
The scenario in ePayments is no different. A good number of times, it is observed that the Maker-Checker concept is followed in the System, but in reality the maker and the checker are the same physical person!
Strengthening the Maker-Checker Concept in ePayments will go a long way in reinforcing the common man’s belief in ePayments.
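The failure described above can be looked for in an audit trail. The following is an added example, not code from this post or from any bank or RBI system: it flags transactions where maker and checker are the same user and, as a heuristic for the "same physical person" case, where two different users act from one workstation within a short interval. The record fields, the 60-second threshold and the sample records are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Action:
    txn_id: str
    role: str         # "maker" or "checker"
    user_id: str
    workstation: str  # assumed field: terminal the action was entered from
    at: datetime

def review(actions, min_gap=timedelta(seconds=60)):
    """Return {txn_id: [findings]} for transactions that break maker-checker."""
    by_txn = {}
    for a in actions:
        by_txn.setdefault(a.txn_id, {}).setdefault(a.role, []).append(a)
    findings = {}
    for txn_id, roles in by_txn.items():
        makers, checkers = roles.get("maker", []), roles.get("checker", [])
        issues = [] if makers and checkers else ["missing maker or checker"]
        for m in makers:
            for c in checkers:
                if m.user_id == c.user_id:
                    issues.append("maker and checker are the same user")
                elif m.workstation == c.workstation and abs(c.at - m.at) < min_gap:
                    # Heuristic for one person operating two accounts.
                    issues.append("two users, one workstation, within min_gap")
        if issues:
            findings[txn_id] = issues
    return findings

def _t(hms):  # helper for the constructed sample below
    return datetime.fromisoformat("2024-01-15T" + hms)

# Constructed sample audit trail (not real data).
SAMPLE = [
    Action("T1", "maker", "alice", "WS1", _t("10:00:00")),
    Action("T1", "checker", "bob", "WS2", _t("10:05:00")),
    Action("T2", "maker", "alice", "WS1", _t("10:10:00")),
    Action("T2", "checker", "alice", "WS1", _t("10:12:00")),
    Action("T3", "maker", "carol", "WS3", _t("11:00:00")),
    Action("T3", "checker", "dave", "WS3", _t("11:00:20")),
    Action("T4", "maker", "erin", "WS4", _t("11:30:00")),
]

if __name__ == "__main__":
    for txn, issues in review(SAMPLE).items():
        print(txn, issues)
```

The same-user check is a hard rule that belongs in the authorization path itself; the workstation heuristic only produces leads for review, since two people can legitimately share a terminal.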
Reserve Bank of India, vide its Notification RBI/2008-09/437, DPSS (CO) RTGS No.1839 / 04.04.002 / 2008 – 2009, dated April 20, 2009, advised all Banks to toughen the Security Environment. Accordingly, it has been made mandatory for the members to put in place maker-checker facility during data entry.
Further, it has also advised that the IT Security should be foolproof and the internal control systems strong enough to counter frauds / attempted frauds in the RTGS system.
The full notification can be accessed at http://www.rbi.org.in/scripts/NotificationUser.aspx?Mode=0&Id=4937.
Reserve Bank of India, vide its above Notification, has assured the common man that IT Security/User Security for ePayments is maintained at the highest possible standards by Indian Banks.
4 comments:
Hi Prashant,
Would you be able to provide some more details on the two-tier system? I have observed that users are provided with smart cards and a PIN which allows them to make or approve payments. Is it possible for banks to configure what access is attached to each card or is this determined by RBI? If banks are able to configure this, how is this achieved? Do they need to approach RBI or can they do it themselves?
Shahvir
For more details visit http://en.wikipedia.org/wiki/Digital_signature
To the best of my knowledge, Banks should be able to determine the level of access to each smart card. Otherwise, RBI will be overburdened.
Please do inform if more information is required.
Hi Prashant,
Can you please elaborate on the Maker-Checker concept in the Banking system? Is this an RBI Guideline for all Banking applications or is it a bank-to-bank policy? If it's an RBI Guideline, please provide me the Circular No. for normal Transactions other than OLTAS and RTGS.
Vivek,
No, there are no specific RBI guidelines for the Maker-Checker concept except for RTGS and OLTAS.
For other banking applications it is the practice, rather than the law.
Please inform for any further clarifications.