India Insights with Geetha Nandikotkur

Fraud Management & Cybercrime , Fraud Risk Management

RBI's 'Positive Pay' System: Essential Security Steps

Can Banks Secure the Increased Flow of Data?
RBI's 'Positive Pay' System: Essential Security Steps

In an effort to ramp up the fight against fraud, the Reserve Bank of India next year will launch a "Positive Pay" system of verifying information about checks with a value at $700 or more. Bank CISOs face the big task of securing the huge new flow of data.

See Also: Breaking Free from VPN Limitations: Simplifying Remote Access Security

The move comes after bank fraud incidents, ranging from check fraud to acquiring bogus loans and credit cards, have almost doubled in the last year, the RBI says.

Under this Positive Pay system, the issuer of the check will be required to submit electronically to the drawee bank - through SMS, mobile app, internet banking, or ATM - details such as date, name of the beneficiary, and payee.

The data will then be cross-checked before the check is presented for payment. The check truncation system will flag any discrepancies to help prevent fraud.

The RBI says banks can decide whether to mandate the use of Positive Pay, such as for checks for $10,000 or more.

Security Steps

To ensure the success of this anti-fraud effort, banks will need to efficiently handle the larger data flow required. And keeping all that data secure could prove challenging.

So banks will need to build the required interfaces to link the data required for Positive Pay and implement security controls to protect the data.

Bharat Panchal, senior vice president and chief risk officer at FIS Global, a financial services organization, says important ways to protect the huge volume of data include implementing authentication standards and deploying analytical tools to detect data leakage.

Checks Usage to Rise

While there has been a temporary decline in the use of checks during the pandemic, experts believe that there is going to be a rise in check use in the coming months.

According to NPCI data, 10 of the top 30 banks using the country's Unified Payment Interface network for contactless payments have recorded failed transactions, the Economic Times reports. Those failures could lead more consumers to rely on checks, which could trigger a fraud surge.

Another factor that can fuel the increase in the use of checks is RBI's decision to implement a pan-India Check Truncation System for check clearing that discontinues the flow of the physical check. Instead, an electronic image of the check is transferred with vital essential data.


Banks are liable for the fraud that takes place after the Positive Pay process is completed.

CISOs need to ensure that the information provided to Positive Pay is not misused or stolen and are also responsible for protecting the data against any leakage. They need to adhere to the pattern similar to what UIDAI adopted to protect its huge data, which includes:

  • Using end-to-end encryption of personal identity data to ensure it's tampered with;
  • Securing the network at multiple levels between front-end authentication points and the centralized Positive Pay system to ensure protection against network attacks;
  • Securing the centralized system using multiple firewalls, network intrusion prevention systems and strong access control and audit schemes.

Some security practitioners say periodic testing of the access points can also help discover system vulnerabilities in advance.

Plus, continuous monitoring and continuous improvement are key for maintaining confidentiality, integrity and availability of the system.

About the Author

Geetha Nandikotkur

Geetha Nandikotkur

Vice President - Conferences, Asia, Middle East and Africa, ISMG

Nandikotkur is an award-winning journalist with over 20 years of experience in newspapers, audiovisual media, magazines and research. She has an understanding of technology and business journalism and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a group editor for CIO & Leader, IT Next and CSO Forum.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.