What changed
RBI issued the Master Direction on Digital Payment Security Controls on February 18, 2021, bringing the security requirements previously scattered across individual circulars into one comprehensive framework (the earlier instructions are not withdrawn; see the note on timelines below). It mandates a Board-approved policy for digital payment products, covering governance, risk management, and security controls for internet, mobile, and card payments. The direction applies to scheduled commercial banks (excluding RRBs), small finance banks, payments banks, and credit card-issuing NBFCs, and takes effect six months from the date of issue.
What it means for you
Banks and NBFCs must now formalize digital payment security policies at the Board level, ensuring robust governance and a common minimum set of security standards. This raises compliance costs but reduces fraud risk and enhances customer trust. Non-compliance could attract supervisory action, so regulated entities must prioritize implementation within the timeline.
What you must do
- Formulate a Board-approved policy for digital payment products and services covering risk management, compliance, and customer experience.
- Implement common minimum security controls for internet banking, mobile payments, and card payments as per the direction's chapters.
- Ensure authentication frameworks and fraud risk management mechanisms are in place within six months from February 18, 2021.
- Review and align existing security measures with the new direction. Where the direction restates instructions already issued by RBI departments, those instructions are not deferred by the six-month window: they apply immediately or on their original timelines.
Who it affects
- Scheduled Commercial Banks (excluding RRBs)
- Small Finance Banks
- Payments Banks
- Credit card issuing NBFCs
When does this Master Direction come into effect?
It comes into effect six months from the date of issue, February 18, 2021, i.e., by August 18, 2021. However, instructions already issued by RBI departments on the same subjects take immediate effect or apply as per their original timelines.
Does this apply to Regional Rural Banks?
No, Regional Rural Banks (RRBs) are explicitly excluded from the applicability of this direction.
What are the key areas covered under general controls?
General controls include governance and management of security risks, application security life cycle, authentication framework, fraud risk management, reconciliation mechanism, and customer protection, awareness, and grievance redressal.