Government Designates Paytm Payments Bank Ltd’s Key Systems As ‘Protected’ For Enhanced Security
New Delhi, 27th July 2023: Under the provisions of the Information Technology Act, 2000, the Ministry of Electronics and Information Technology (MeitY) has officially classified the computer resources associated with Paytm Payments Bank Ltd’s Core Banking Solution and UPI Switch as “protected systems.” Being categorized as “protected systems” indicates their criticality in the bank’s operations, and as a result, access to these systems is strictly restricted.
Only specific authorized personnel are allowed access to these protected systems, including:
1. Employees of Paytm Payments Bank Ltd with explicit written authorization from the bank are designated to access the protected systems.
2. Team members from contractual managed service providers or third-party vendors, who have been granted written authorization by Paytm Payments Bank Ltd based on their specific access needs.
3. Consultants, regulators, government officials, auditors, and stakeholders, who have been individually authorized in writing by Paytm Payments Bank Ltd on a case-by-case basis.
The scope of “protected systems” includes not only the core infrastructure but also the computer resources of its associated dependencies. The purpose of limiting access to authorized personnel is to enhance the security and integrity of critical financial systems, thereby reducing the risk of potential cyber threats and attacks. This is especially crucial because these systems contain sensitive customer data, and any unauthorized access could lead to severe consequences.
Paytm Payments Bank Ltd and its associated stakeholders must comply with the government’s directives to safeguard their computer resources effectively. Similar notifications have been issued for other financial institutions like the Indian Bank, YES Bank, IDBI Bank, and Central Bank of India, declaring their critical computer resources as “protected systems” under the IT Act.
Following this notification, financial institutions may need to implement additional security measures to protect their protected systems. Keeping records of authorized personnel with access to these systems and their specific permissions will be essential. Additionally, any instances of unauthorized access to the protected systems must be promptly reported to the relevant authorities. This collective effort aims to bolster the overall security posture of the banking sector and protect sensitive financial data from potential threats.
