What is NPCI - National Payments Corporation of India?

The National Payments Corporation of India (NPCI) is an initiative of the Reserve Bank of India and Indian Banks’ Association. It is an umbrella organisation for operating retail payments and settlement systems in India.

It aims to provide infrastructure to the whole banking industry for both physical and electronic payment and settlement systems.

NPCI's products are National Financial Switch (NFS), Immediate Payment Service (IMPS), Aadhaar-enabled Payment Service (AePS), Cheque Truncation System (CTS), RuPay, National Automated Clearing House (NACH), Aadhaar Payment Bridge (APB), UPI, Bharat Bill Pay, National Electronic Toll Collection (NETC), Bharat Interface for Money (BHIM), BharatQR, and BHIM Aadhaar Pay.

Applicability

  1. Evaluation of the hardware structure, operating systems and critical applications, security and controls in place, including access controls on key applications, and disaster recovery plans
  2. Training of personnel managing systems and applications, documentation, etc.
  3. Process validation as per NPCI guidelines
  4. The audit should cover compliance as per security best practices, specifically the application security lifecycle, patch/vulnerability management, change management and adherence to the process flow as given by NPCI from time to time.

Objective

The objectives of an NPCI Audit are as follows:

  1. Ensure security of UPI environment and interfacing systems
  2. Ensure security of identity on the mobile device
  3. Introduce new security tools to protect the changing business model
  4. Perform advanced and smart analytics for effective monitoring of security risks
  5. Ensure compliance with regulatory requirements and adoption of industry standards
  6. Maintain logs and security to help in forensics
  7. Ensure you have appropriate response processes in place so that you can act quickly in the event of an incident being discovered
  8. Share periodic knowledge/security bulletins with customers

Approach

Our approach is covered in 4 phases. These are:

Phase 1: Audit Planning
Planning and preparation of the audit scope and objectives. 

Phase 2: Risk Assessment and Business Process Analysis
Assessment, measuring, managing, and controlling IT-related risks, thus enhancing the reliability of processes and the entire information system. 

Phase 3: Audit Performance (Compliance and System Review) 
Assessment of controls over critical system platforms, network and physical components, IT infrastructure supporting relevant business processes.

Phase 4: Reporting
Report audit findings, conclusions, and recommendations of the audit in terms of conformance, non-conformance, and opportunities to improve.

Why CyberSRC®?

Established in January 2018, CyberSRC Consultancy offers the full spectrum of cyber security services, ranging from threat intelligence and VMS to general advisory services in areas pertaining to cyber security such as vulnerability attacks, compliance, and cyber security regulations and laws. We perform system audits such as ISNP Audits, NBFC Audits, UCB Audits, PPI Audits, and SEBI Audits. We provide our solutions with better accountability. We are a certified assurance firm. We are an ISO 27001 certified organization, backed by a very diverse and dynamic team which has a combined experience.