Security Ecosystem for Digital Wallets
By Saumya Vishnoi
Who am I?
• Information Security professional, about 6 years of experience
• Ex-PCI QSA
• Audited multiple wallet environments
• Currently working with a Fintech organization
Disclaimer
All the information, discussion and views presented in the talk are personal!!!
What is a Digital Wallet?
Digital Wallet
A digital application that works like a wallet: you add money into it and then you can spend the money out of it
Types of Digital Wallet
• Closed loop
• Semi-open loop
• Open loop
How safe are wallets?
RBI (Reserve Bank of India)
Regulatory Controls
• RBI Payment and Settlement Act 2007
• RBI PSS Audit – CISA audit – external
• Internal Audit
• AML controls (Anti-Money Laundering)
• Fraud management
• Penalty clause
Basically Risk Management!!!
PSS Audit – CISA audit – external
• External ISMS audit by a qualified CISA professional
• Submission of the audit report to RBI
• RBI reviews and approves, or sends back with comments
• Once approved, the RBI license is issued
• Internal audit schedule and review
• Audit and risk committee responsibility
• Yearly external audit exercise and report submission to RBI
AML controls (Anti-Money Laundering)
• Required to be compliant with the Prevention of Money Laundering Act, 2002
• KYC and non-KYC accounts
• Balance limitations
• Regular monitoring for suspicious behavior
• AML training for employees
Fraud Management
• Establishment of Fraud team
• Regular monitoring for suspicious behavior
• Assisting law enforcement agencies in investigating fraud incidents
• Blacklisting mechanism
• Blocking/Unblocking account
• Customer awareness
Penalty Clause
• Section 30 of PSS Act: Power of Reserve Bank to impose fine
• Section 31 of PSS Act: Power to compound offences
Nature of offence:
• Breach of provisions of the Act
• Non-compliance with directions
• Violation of terms and conditions of authorization
Amount of penalty: depends upon the nature of offence, with a minimum of 5 Lakhs
Trust