Mandatory Security Implementation Prerequisites and Recommendations
Overview
NPCI Guidelines
The NPCI UPI Framework places strong emphasis on mobile application security, as UPI transactions are predominantly executed through mobile devices and involve real-time financial movement. Mobile applications act as the primary interface between users and the UPI ecosystem, making them a critical attack surface for threats such as application tampering, credential compromise, malware, and transaction manipulation.
RBI Guidelines
The RBI Master Directions and Guidelines on Information Security and Cyber Resilience underscore the critical importance of mobile application security, given the rapid growth of digital banking, UPI, and mobile-based financial services. Mobile applications serve as a primary channel for customer interactions, transactions, and access to sensitive financial data, making them a high-value target for cyber threats such as malware, data leakage, account takeover, and transaction manipulation.
Runtime Security Check-wise Recommendations
Overview
SEBI CSCRF Guidelines
SEBI CSCRF Guidelines: Mobile Application Security (Page- 102)