
Monday, May 25, 2009

Two-Tier Authorization for ePayments-RTGS


It is the norm of civilization that all key actions should follow the Maker-Checker concept.

Maker-checker (or Maker and Checker, or 4-Eyes) is one of the central principles of authorization in the Information Systems of financial organizations.

The principle of maker and checker means that each transaction requires at least two individuals for its completion. While one individual may create a transaction, the other should be involved in confirming or authorizing it. Segregation of duties plays an important role here. This minimizes the risk to the individuals as well as to the organization at large.

However, it is observed that the Maker-Checker concept is not followed in the true sense. This leads to mishaps all around.

The scenario in ePayments is no different. Quite often, the Maker-Checker concept is followed in the system, but in reality the maker and the checker are the same physical person!
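An audit check for the gap described above, where the system records two steps but the authorization was not independent. This is an added example, not code from this blog or from any bank or RBI system; the `AuditEvent` fields (`person_id`, `terminal`), the 30-second threshold and the sample trail are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class AuditEvent:
    txn_id: str
    action: str     # "MAKE" (data entry) or "CHECK" (authorization)
    user_id: str    # login or smart-card identity
    person_id: str  # assumed field: staff record the login is issued to
    terminal: str   # assumed field: workstation / card-reader identifier
    at: datetime

def maker_checker_findings(events, min_gap=timedelta(seconds=30)):
    """Map txn_id -> reasons why its authorization was not independent."""
    makes, findings = {}, {}
    for ev in sorted(events, key=lambda e: e.at):
        if ev.action == "MAKE":
            makes[ev.txn_id] = ev
        if ev.action != "CHECK":
            continue
        mk, reasons = makes.get(ev.txn_id), []
        if mk is None:
            reasons.append("authorized without a maker entry")
        else:
            if ev.user_id == mk.user_id:
                reasons.append("same login made and authorized")
            elif ev.person_id == mk.person_id:
                reasons.append("two logins held by one person")
            # Heuristic (assumption): both steps at one terminal seconds apart
            if ev.terminal == mk.terminal and ev.at - mk.at < min_gap:
                reasons.append("same terminal within min_gap")
        if reasons:
            findings[ev.txn_id] = reasons
    return findings

def _ev(txn, action, user, person, term, t):
    return AuditEvent(txn, action, user, person, term, datetime.fromisoformat("2009-05-25T" + t))

# Constructed sample audit trail (not real data).
SAMPLE = [
    _ev("T1", "MAKE", "u101", "P1", "W1", "10:00:00"),
    _ev("T1", "CHECK", "u202", "P2", "W2", "10:05:00"),
    _ev("T2", "MAKE", "u101", "P1", "W1", "10:10:00"),
    _ev("T2", "CHECK", "u101", "P1", "W1", "10:12:00"),
    _ev("T3", "MAKE", "u101", "P1", "W1", "10:20:00"),
    _ev("T3", "CHECK", "u303", "P1", "W3", "10:25:00"),
    _ev("T4", "MAKE", "u404", "P4", "W4", "11:00:00"),
    _ev("T4", "CHECK", "u505", "P5", "W4", "11:00:10"),
]
print(maker_checker_findings(SAMPLE))
```

The first two checks can also be enforced at approval time by rejecting the authorization outright; the terminal-and-timing check is only a signal for review, since two people may legitimately share a workstation.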

Strengthening the Maker-Checker concept in ePayments will go a long way in reinforcing the common man’s belief in ePayments.

Reserve Bank of India, vide its Notification RBI/2008-09/437, DPSS (CO) RTGS No.1839 / 04.04.002 / 2008 – 2009, dated April 20, 2009, advised all banks to toughen the security environment. Accordingly, it has been made mandatory for the members to put in place a maker-checker facility during data entry.

Further, it has also advised that IT security should be foolproof and the internal control systems strong enough to counter frauds / attempted frauds in the RTGS system.

The full notification can be accessed at http://www.rbi.org.in/scripts/NotificationUser.aspx?Mode=0&Id=4937.

Reserve Bank of India, vide its above Notification, has assured the common man that IT security / user security for ePayments is maintained at the highest possible standards by Indian banks.

 

 

 

             

4 comments:

Shahvir said...

Hi Prashant,

Would you be able to provide some more details on the two-tier system? I have observed that users are provided with smart cards and a PIN which allows them to make or approve payments. Is it possible for banks to configure what access is attached to each card or is this determined by RBI? If banks are able to configure this, how is this achieved? Do they need to approach RBI or can they do it themselves?

Safe ePayments Motivator said...

Shahvir,
For more details visit http://en.wikipedia.org/wiki/Digital_signature

To the best of my knowledge, banks should be able to determine the level of access for each smart card. Otherwise, RBI will be overburdened.

Please do inform if more information is required.

विवेक रस्तोगी said...

Hi Prashant,

Can you please elaborate on the Maker-Checker concept in the banking system? Is this an RBI guideline for all banking applications or is it a bank-to-bank policy? If it is an RBI guideline, please provide me the Circular No. for normal transactions, other than OLTAS and RTGS.

Safe ePayments Motivator said...

Vivek,
No, there are no specific RBI guidelines for the Maker-Checker concept except for RTGS and OLTAS.

For other banking applications it is the practice, rather than the law.

Please inform for any further clarifications.


Disclaimer

The thoughts in this blog are personal, and reflect only my view on the subject.
These are not the views of my employers.
All image and logo rights rest with the original title holders.

All efforts have been made to make this information as accurate as possible. N Prashant will not be responsible for any loss to any person caused by inaccuracy in the information available on this website. Relevant Official Gazettes and Communications may be consulted for accurate information. Any discrepancy found may be brought to the notice of N Prashant.