Aadhaar Enabled Payment System (AePS) enables financial transactions using Aadhaar number and biometrics or OTP authentication. ATOs are individuals onboarded by the acquiring bank who operates the AePS touchpoint.
In a new notification issued on Friday RBI said in cases where an ATO has not performed any financial / non-financial transaction for a customer for a continuous period of three months, acquiring bank shall carry out KYC of ATO before enabling him / her to transact further.
“In recent times, there have been reports of frauds perpetuated through AePS due to identity theft or compromise of customer credentials. To protect bank customers from such frauds, and to maintain trust and confidence in the safety and security of the system, a need is felt to enhance the robustness of AePS,” RBI said.
Banks must monitor the activities of ATOs through their transaction monitoring systems on an ongoing basis and set operational parameters, based on business risk profile of the ATOs. Location and type of the ATO, volume and velocity of transactions, etc. shall form part of bank’s fraud risk management framework, RBI said.
Operational parameters regarding ATOs shall also be reviewed on a periodic basis, reflecting emerging fraud trends.
However, if the due diligence of ATOs has already been done in their capacity as business correspondent / sub-agent, then the same may be adopted
Content Source: economictimes.indiatimes.com