Skip to main content

Compliance

This guide covers regulatory compliance considerations when using TxnCheck API for identity verification and fraud prevention in India.

Regulatory Landscape

RBI Guidelines

Reserve Bank of India regulations for KYC and payment security

IT Act 2000

Information Technology Act provisions for data protection

DPDP Act 2023

Digital Personal Data Protection Act requirements

PCI DSS

Payment Card Industry Data Security Standard

RBI KYC Compliance

Periodic Re-KYC

RBI requires periodic re-verification:

DPDP Act 2023 Compliance

The Digital Personal Data Protection Act requires explicit consent:

Data Principal Rights

Implement rights management:

PCI DSS Compliance

If processing payment data alongside TxnCheck:

Requirement 3: Protect Stored Data

Requirement 10: Track Access

Audit Trail Requirements

What to Log

Audit Log Schema

Compliance Reporting

Generate Compliance Reports

Regular Compliance Reviews

Data Processing Agreement

Ensure your agreement with TxnCheck covers:
  • Categories of personal data processed
  • Purpose limitation
  • Data retention periods
  • Sub-processor disclosure
  • Encryption standards
  • Access controls
  • Incident response procedures
  • Audit rights
  • Process for handling requests
  • Response timeframes
  • Cooperation requirements
  • Notification timeframes (72 hours)
  • Information to be provided
  • Remediation procedures

Compliance Checklist

Before Going Live

1

Legal Review

Have legal team review TxnCheck DPA and terms
2

Consent Flow

Implement and test consent collection
3

Data Mapping

Document all data flows and storage locations
4

Audit Logging

Verify audit logs capture required events
5

Retention Policies

Configure automated data deletion
6

Rights Handling

Implement data subject request workflows

Ongoing Compliance

  • Monthly access reviews
  • Quarterly consent audits
  • Annual security assessment
  • Regular policy updates
  • Staff training on data handling

Penalties for Non-Compliance

Non-compliance with data protection regulations can result in significant financial penalties and reputational damage. Consult with legal and compliance experts for your specific situation.

Resources

RBI Master Direction

KYC Master Direction 2016

DPDP Act 2023

Digital Personal Data Protection Act

Data Handling

PII handling best practices

Security Overview

Complete security guide