Central Payments Fraud Information Registry – Migration of Reporting to DAKSH

RBI/2022-23/158
CO.DPSS.OVRST.No.S1619/06-08-005/2022-2023 December 26, 2022
The Chairman / Managing Director / Chief Executive Officer
Banks, Non-bank Payment System Operators (PSOs) and
Credit Card issuing Non-Banking Financial Companies (NBFCs)
Madam / Dear Sir,
Central Payments Fraud Information Registry – Migration of Reporting to DAKSH
As announced in the Monetary Policy Statement 2019-20 on August 07, 2019, the Reserve
Bank of India (RBI) had operationalised the Central Payments Fraud Information Registry
(CPFIR) in March 2020 with reporting of payment frauds by scheduled commercial banks and
non-bank Prepaid Payment Instrument (PPI) issuers.

  1. To streamline reporting, enhance efficiency and automate the payments fraud
    management process, the fraud reporting module is being migrated to DAKSH – Reserve
    Bank’s Advanced Supervisory Monitoring System. The migration will be effective from
    January 01, 2023, i.e., entities shall commence reporting of payment frauds in DAKSH from
    this date. In addition to the existing bulk upload facility to report payment frauds, DAKSH
    provides additional functionalities, viz. maker-checker facility, online screen-based reporting,
    option for requesting additional information, facility to issue alerts / advisories, generation of
    dashboards and reports, etc. The reporting guidelines are mentioned in the Annex.
  2. These directions are issued under Section 10 (2) read with Section 18 of Payment and
    settlement Systems Act, 2007 (Act 51 of 2007).
    Yours faithfully,
    (P. Vasudevan)
    Chief General Manager
    (Annex to Circular CO.DPSS.OVRST.No.S1619/06-08-005/2022-2023 dated December 26,
    2022)
    Annex
    CPFIR – Reporting Guidelines
    • All RBI authorised Payment System Operators (PSOs) / providers and payment system
    participants operating in India are required to report all payment frauds, including
    attempted incidents, irrespective of value, either reported by their customers or detected
    by the entities themselves. This reporting was earlier facilitated through Electronic Data
    Submission Portal (EDSP) and is being migrated to DAKSH.
    • The responsibility to submit the reported payment fraud transactions shall be of the issuer
    bank / PPI issuer / credit card issuing NBFCs, whose issued payment instrument has been
    used in the fraud.
    • Entities are required to validate the payment fraud information reported by the customer
    in their own systems to ensure the authenticity and completeness, before reporting the
    same to RBI on individual transaction basis.
    • Entities are required to report payment frauds (domestic and international) to CPFIR as
    per the specified timelines (currently within 7 calendar days from date of reporting by
    customer / date of detection by the entity).
    • Entities may continue to report payment frauds as per the extant reporting format using
    the bulk upload facility in DAKSH or report individual payment frauds online using the
    screen-based facility under the Incident Module of the DAKSH platform.
    • After go-live of payment fraud reporting in DAKSH effective January 01, 2023, entities
    shall not be able to report any payment frauds in EDSP. Entities may, however, continue
    to update and close payment frauds that were reported in EDSP until December 31, 2022.
    Reserve Bank shall subsequently migrate the historical data from EDSP to DAKSH.
    • The reporting format remains unchanged (Appendix).
    • Though some elements / fields of the Reporting Format are indicated as ‘Optional’, entities
    shall strive to include them as part of initial reporting itself and only in exceptional cases
    be reported as updates.
    Appendix
    CPFIR – Payment Fraud Reporting
    The data collection file format is a combination of a single Header row and one or more data rows.
    The Header row is used to collect the metadata information about the data submitted by the
    reporting entity and data row contains details of the payment fraud reported.
    Header Format
    Field Name Field Length Comments Example
    Return Code 3 Must be ‘PFR’ (Payment Fraud Reporting) PFR
    Flag 1
    I – To identify the file has come for inserting the
    records for initial reporting
    U – To identify file has come for updating the
    records already reported
    I or U
    Reporting
    Entity Code
    Upto 7 digit As per the Centralised Information System for
    Banking Infrastructure (CISBI) of RBI 010
    File Submission
    Date
    8 Must be ‘DDMMYYYY’ 21012020
    Record Count 20 Number of data rows present in the submitted
    file excluding header 1
    Note:
    • All individual fields must be separated by a colon (:).
    • Header record must end with semi-colon (;)
    Example:
    PFR:I:010:21012020:1;
    Data Row Format
    Field Name Field
    Length
    Mandatory
    (M) /
    Optional (O)
    Guidelines Comments
    Internal
    identifier used
    by bank / nonbank entity
    20 O
    Alphanumeric field that
    can be used by reporting
    entity for their internal
    reference, if required.
    Only alphanumeric,
    underscore, hyphen
    and multiple spaces
    are allowed.
    Was the
    fraud
    reported by customer ?
    1
    M
    If fraud reported by
    Customer
    – Y;
    If fraud detected by Bank
    / non
    -bank entity
    – N;
    Was it an attempted fraud ?
    1
    M If attempted fraud
    – Y;
    Else
    – N;
    Payment transaction instrument
    used
    3
    M
    Three digit code from the
    master data code list
    provided in Annex of this
    document.
    Payment system category
    3
    M
    Three digit code from the
    master data code list
    provided in Annex of this
    document.
    System involved in
    the fraudulent
    transaction
    10
    M
    System
    involved to be
    selected from the master
    data provided in Annex
    of this document.
    Payment channel used
    for fraudulent
    transaction
    3
    M
    Three digit code from the
    master data code list
    provided in Annex of this
    document.
    Nature of fraudulent
    transaction
    3
    O
    Three digit code from the
    master data code list
    provided in Annex of this
    document.
    Date of
    occurrence of
    the fraud as
    identified by
    the bank /
    non
    -bank
    entity
    8
    If Fraud
    Reported by
    Customer =
    No; M
    Must be DDMMYYYY
    Date of
    detection of
    the fraud by

bank / non

bank entity
8 Must be DDMMYYYY
Date of
entering in the
system
8 Must be DDMMYYYY
Date of
occurrence of
the fraud
transaction
reported by
customer
8 If Fraud
Reported by
Customer =
Yes; M
Must be DDMMYYYY
Time of
occurrence of
the fraud
8 Must be HH:MM:SS
transaction
reported by
customer
Reporting
date of fraud
by the
customer to
bank / PPI
issuer / PSO
8 Must be DDMMYYYY
Date of
entering the
fraud by the
bank / PPI
issuer / PSO
in the system
8 Must be DDMMYYYY
Unique
Transaction
Reference
No. of the
fraudulent
transaction
35 M
Unique Transaction
Reference No. generated
by the payment system
that has processed the
payment transaction.
For attempted frauds that
do not have any UTR,
entities may specify
ATTEMPTEDXXXX
where XXXX is a
sequence number.
Only alphanumeric,
underscore and
hyphen are allowed.
Is the fraud a
domestic
transaction?
1 M If domestic transaction –
Y; else – N;
Reporting
customer
name
100 If Fraud
Reported by
Customer =
Yes; M
Name of the customer
Only alphabets,
numbers, dot,
parentheses, single
quote / apostrophe,
ampersand, comma,
hyphen, forward
slash, back slash,
underscore and
multiple spaces are
allowed.
Reporting
customer
mobile no.
15
Only numeric, single
space, plus (1st char)
and hyphen are
allowed.
Reporting
customer email
50 O Standard characters
accepted in e-mail
Any other
detail of the
reporting
customer
100 O
Only alphabets,
numbers, hyphen,
dot, comma, single
quote, colon, semi
colon, forward slash
and multi-spaces
between them are
allowed.
Was any PA /
PG Involved ? 1 M If PA / PG involved – Y;
else – N;
If PA / PG
involved, the
name may be
provided
100
If PA / PG
Involved = Y;
M
Only alphabets,
numbers, hyphen,
dot, comma, single
quote, colon, semi
colon, forward slash,
parentheses,
ampersand, back
slash, @ sign, hash,

  • and multiple spaces
    are allowed.
    Was any third
    party PSP
    involved ?
    1 M If third party PSP
    involved -Y; else N;
    If third party
    PSP involved,
    the name may
    be provided
    100
    If Third party
    PSP
    involved = Y;
    M
    Only alphabets,
    numbers, hyphen,
    dot, comma, single
    quote, colon, semi
    colon, forward slash,
    parentheses,
    ampersand, back
    slash, @ sign, hash,
    +, multiple spaces
    are allowed.
    Amount
    involved (INR
    actuals) in the
    fraudulent
    transaction
    20
    If Attempted
    Fraud = N;
    M
    Amount in rupees Only numbers are
    allowed.
    Amount
    recovered
    (INR actuals)
    in the
    fraudulent
    transaction
    20 O Amount in rupees
    Only numbers are
    allowed.
    Was
    insurance
    coverage
    available ?
    1 O If insurance coverage
    available – Y; else – N;
    Name of
    insurer and
    per
    transaction
    coverage
    amount
    2000
    If Insurance
    Coverage =
    Y; M
    Only alphabets,
    numbers, hyphen,
    dot, comma, single
    quote, double quotes,
    ampersand, colon,
    semicolon,
    parentheses, forward
    slash, dollar, euro,
    pound, rupee, krona,
    back slash, multiple
    spaces and line break
    are allowed.
    Amount
    recovered
    due to
    Insurance
    cover
    20
    If Insurance
    Coverage =
    Y; M
    Only numbers are
    allowed.
    Beneficiary
    name
    100 O Name of the Beneficiary
    Only alphabets,
    numbers, dot,
    parentheses,
    single quote /
    apostrophe,
    ampersand, comma,
    hyphen, forward
    slash, back slash,
    underscore and
    multiple spaces are
    allowed.
    Beneficiary
    mobile 15 O
    Only numeric, single
    space, plus (1st char)
    and hyphen are
    allowed.
    Beneficiary email 50 O
    Standard characters
    accepted in e-mail
    Beneficiary
    account
    number
    50 O
    Only numbers and
    alphabets are
    allowed.
    Beneficiary
    bank 7 O
    Bank Working Code from
    CISBI. For Non-Bank the
    code provided by DPSS
    Beneficiary
    branch (part 1
    code)
    7 O
    Part 1 Code to be
    provided here as per the
    CISBI
    Beneficiary
    branch IFSC 11 O IFSC for the Branch
    Only numbers and
    alphabets are
    allowed.
    Beneficiary
    PAN card no.
    10 O
    Only numbers and
    alphabets are
    allowed.
    Beneficiary debit / credit card no.
    16
    O Only numbers are
    allowed.
    Beneficiary
    PPI
    card /
    wallet
    no.
    50
    O
    Only alphabets,
    numbers, + and
    multiple spaces are
    allowed.
    Beneficiary
    UPI ID 50
    O
    Only alphabets,
    numbers, @ sign, dot
    and hyphen are
    allowed in standard
    pattern.
    @ is mandatory for
    UPI ID.
    In case the
    transaction is based
    on UPI Number that
    should be entered. (
    @ is not required)
    Name of destination
    PPI
    issuer
    100
    O
    Only alphabets,
    numbers, hyphen,
    dot, single quote,
    colon, semi colon,
    forward slash,
    parentheses, ampersand, back
    slash,
    @ sign,
    hash,
  • and multiple spaces
    are allowed.
    Destination merchant ID 50
    O
    Only alphabets,
    numbers, forward
    slash, parentheses,
    dot, ampersand
    ,
    comma, colon, star,
    hash, underscore,
    single quote /
    apostrophe,
  • and
    multiple spaces are
    allowed.
    Destination merchant name
    100
    O
    Only alphabets,
    numbers, forward
    slash, parentheses,
    dot, ampersand
    ,
    comma, colon, star,
    hash, underscore,
    single quote /
    apostrophe,
    +
    andmultiple spaces
    are allowed.
    Destination payment gateway / aggregator
    50
    O
    Only alphabets,
    numbers, hyphen,
    dot, comma, single
    quote, colon,
    semicolon, forward
    slash, parentheses,
    Ampersand, Back
    slash,
    @
    ,
    hash,
  • and
    multiple spaces are
    allowed.
    Destination
    ATM ID 50
    O
    Only alphabets and
    numbers are allowed.
    Suspect website used 100
    O Website address
    Only alphabets,
    numbers, hyphen,
    dot
    , comma
    , single
    quote
    , colon
    , semi
    colon
    , forward slash,
    hash and no spaces
    are allowed.
    Suspect mobile app
    used
    100
    O
    Only alphabets,
    numbers, hyphen,
    dot, comma, single
    quote, colon, semi
    colon, forward slash,
    hash and multiple
    spaces between them
    are allowed.
    Suspect device ID 50
    O
    Only alphabets,
    numbers, hyphen,
    dot, comma, single
    quote, colon, semi
    colon, forward slash,
    hash and multiple
    spaces between them
    are allowed.
    Suspect IP
    Address 50
    O
    Only numbers, dot
    and colon are
    allowed.
    Suspect IMEI number 20
    O
    Only alphabets and
    numbers are allowed.
    Suspect geotag ID 50
    O
    Only alphabets,
    numbers, hyphen,
    dot, comma, single
    quote, colon, semi
    colon, forward slash
    and multiple spaces
    between them are
    allowed.
    Any
    other
    details of suspect
    100
    O
    Only alphabets,
    numbers, hyphen,
    dot, comma, single
    quote, colon, semi
    colon, forward slash,
    hash and multiple
    spaces between them
    are allowed.
    Initial
    inputs
    on
    modus
    operandi of fraud
    2000
    O Fraud related
    information
    , if any
    Only alphabets,
    numbers, hyphen,
    dot, comma, single
    quote, double quotes,
    ampersand, colon,
    semi colon,
    parentheses, forward
    slash, dollar, euro,
    pound, rupee, krona,
    line break and
    multiple spaces
    between them are
    allowed.
    Modus
    operandi

    update 1
    2000
    O Fraud related updates
    , if
    any
    Only alphabets,
    numbers, hyphen,
    dot, comma, single
    quote, double quotes,
    ampersand, colon,
    semi colon,
    parentheses, forward
    slash, dollar, euro,
    pound, rupee, krona,
    line break and
    multiple spaces
    between them are
    allowed.
    Modus
    operandi

    update 2
    2000
    O Fraud related updates
    , if
    any
    Only alphabets,
    numbers, hyphen,
    dot, comma, single
    quote, double quotes,
    ampersand, colon,
    semi colon,
    parentheses, forward
    slash, dollar, euro,
    pound, rupee, krona,
    line break and
    multiple spaces
    between them are
    allowed.
    Modus
    operandi

    update 3
    2000
    O Fraud related updates
    , if
    any
    Only alphabets,
    numbers, hyphen,
    dot, comma, single
    quote, double quotes,
    ampersand, colon,
    semi colon,
    parentheses, forward
    slash, dollar, euro,
    pound, rupee, krona,
    line break and
    multiple spaces
    between them are
    allowed.
    Modus
    operandi

    update 4
    2000
    O Fraud related updates
    , if
    any
    Only alphabets,
    numbers, hyphen,
    dot, comma, single
    quote, double quotes,
    ampersand, colon,
    semi colon,
    parentheses, forward
    slash, dollar, euro,
    pound, rupee, krona,
    line break and
    multiple spaces
    between them are
    allowed.
    Modus
    operandi

    update 5
    2000
    O Fraud related updates
    , if
    any
    Only alphabets,
    numbers, hyphen,
    dot, comma, single
    quote, double quotes,
    ampersand, colon,
    semi colon,
    parentheses, forward
    slash, dollar, euro,
    pound, rupee, krona,
    line break and
    multiple spaces
    between them are
    allowed.
    False
    alert

    transaction
    was
    not a
    fraud
    1
    O Must be Y/N, after
    investigation done
    Fraud was registered
    with Law
    Enforcement
    Agencies
    1
    O Y/N to be provided
    (LEA) / subjudice
    If fraud was
    registered
    with LEA,
    details of
    case reported
    500 O
    Details to be provided if
    the above field response
    is YES
    Only alphabets,
    numbers, hyphen,
    dot, comma, single
    quote, double quotes,
    ampersand, colon,
    semicolon,
    parentheses, forward
    slash, dollar, euro,
    pound, rupee, krona,
    line break and
    multiple spaces
    between them are
    allowed.
    Has the fraud
    incident been
    closed?
    1 M Must be Y/N
    Date of
    closure of
    fraud
    8
    If Fraud
    Closed = Y;
    M
    Details to be provided if
    the above field response
    is yes in DDMMYYYY
    format
    Date should be lesser
    than or equal to
    current date and
    greater than or equal
    to occurrence date as
    well as detection
    date.
    Justification
    for closure of
    fraud
    2000
    If Fraud
    Closed = Y;
    M
    Details to be provided if
    the above field response
    is yes
    Only alphabets,
    numbers, hyphen,
    dot, comma, single
    quote, double quotes,
    ampersand, colon,
    semicolon,
    parentheses, forward
    slash, dollar, euro,
    pound, rupee, krona,
    line break and
    multiple spaces
    between them are
    allowed.
    Any other
    information
    pertaining to
    the fraud
    2000 O
    Only alphabets,
    numbers, hyphen,
    dot, comma, single
    quote, double quotes,
    ampersand, colon,
    semicolon,
    parentheses, forward
    slash, dollar, euro,
    pound, rupee, krona,
    line break and
    multiple spaces
    between them are
    allowed.
    Steps taken
    to address /
    prevent such
    frauds in
    future
    2000 O
    Only alphabets,
    numbers, hyphen,
    dot, comma, single
    quote, double quotes,
    ampersand, colon,
    semicolon,
    parentheses, forward
    slash, dollar, euro,
    pound, rupee, krona,
    line break and
    multiple spaces
    between them are
    allowed.
    Note:
    • Mandatory fields once submitted cannot be modified (except for fraud closed which can
    be updated from No to Yes).
    • Once a fraud is closed, no updates are permitted.
    • The output file generated for successful records shall contain a Fraud Reference Number
    (FRN) assigned to all successfully inserted records. The FRN shall begin with ‘F’ for actual
    frauds and ‘A’ in case of attempted frauds. The same FRN must be used for reporting
    Updates.
    • The format for reporting updates is same as the format for initial reporting (Insert). Only
    the FRN generated during initial (Insert) reporting must be appended at the start of the
    record followed by pipe (|).
    • Although some fields are marked as optional, entities are advised to report maximum
    available data to facilitate analysis and strengthen the ecosystem.
    • All data elements to be separated by pipe (|).
    • No additional character to be included at the end of each record.
    Example: Insert record
    CAN15112022000043446|Y|N|DEC|CAN|VISA|POS|OTH|||16112022|07112022|14:15:03|1411
    2022|16112022|231108479433|Y|SANDEEP R
    PATEL|1234567890|||N||N||18805.62||Y|National – 100000|0.00||||||||||||||||||||||||SUSPECTED
    FRAUD TRANSACTION|||||||N||N||||
    Example: Update record
    F010161120221|CAN15112022000043446|Y|N|DEC|CAN|VISA|POS|OTH|||16112022|0711202
    2|14:15:03|14112022|16112022|231108479433|Y|SANDEEP R
    PATEL|1234567890|||N||N||18805.62||Y|National – 100000|0.00||||||||||||||||||||||||SUSPECTED
    FRAUD TRANSACTION|||||||N||N||||
    Annex
    Payment Transaction Instrument
    Payment Transaction
    Instrument Code Payment Transaction Instrument
    BNK Bank Account
    PAI Paper Instruments
    DEC Debit Cards (including tokenised debit card or virtual debit card)
    CRC Credit Cards (including tokenised credit card or virtual credit card)
    PPI Pre-paid Payment Instruments (wallet or physical card)
    OTH Other
    Payment System Category
    Payment System Code Payment System Involved
    ROP RBI Operated Payment Systems (RTGS / NEFT)
    NOP NPCI Operated Payment Systems (IMPS, NACH, UPI, BBPS, NETC,
    CTS, AEPS, BHIM Aadhaar Pay)
    CAN Card Networks (VISA, Mastercard, Rupay, Diners, Amex)
    ATM ATM Networks
    PII Prepaid Payment Instrument Issuers
    CMO Cross-Border Money Transfer Operators
    TRD Trade Receivables Discounting System (TReDS)
    IMO Instant Money Transfer Operators
    INB Intra-Bank (Banks’ Core Banking System)
    OTH Other
    Payment System Involved : Payment System
    Involved Name of Payment System Payment System
    Code
    Based on input in 3C – Payment system category,
    the name of payment system used – RBI operated
    payment systems
    Real Time Gross Settlement RTGS
    National Electronic Funds Transfer NEFT
    NPCI Operated Payment Systems Immediate Payment Service IMPS
    National Automated Clearing House NACH
    Unified Payments Interface UPI
    Bharat Bill Payment System BBPS
    National Electronic Toll Collection NETC
    Cheque Truncation System CTS
    Aadhaar enabled Payment System AEPS
    BHIM Aadhaar Pay BHIMAP
    Card Networks (Visa, Mastercard, Rupay, Diners,
    Amex)
    American Express Banking Corp.,
    USA AMEX
    Diners Club International Ltd., USA DINERS
    MasterCard Asia / Pacific Pte. Ltd.,
    Singapore MASTER
    National Payments Corporation of
    India (RuPay) NPCI
    Visa Worldwide Pte. Limited,
    Singapore VISA
    ATM Networks (list of authorised ATM networks); Bank of India BOIATM
    Euronet Services India Private
    Limited EURATM
    National Payments Corporation of
    India (NFS) NFSATM
    Punjab National Bank PNBATM
    State Bank of India SBIATM
    Other – On Us Transaction ONUS
    Prepaid Payment Instrument Issuers Prepaid Payment Instrument Issuers
    – Not Applicable PPI-NA
    Cross-Border Money Transfer Operators (list of
    authorised MTSS Principals); Bahrain Financing Company, BSC (C) BFCBSC
    Continental Exchange Solutions Inc,
    USA CESUSA
    Fast Encash Money Transfer Services
    Ltd. FEMTSL
    Mastercard Transaction Services
    (Canada) Inc.(formerly Transfast Inc.,
    Canada and Global Foreign Exchange
    Inc.)
    TICCAN
    MoneyGram Payment Systems Inc,
    USA. MGPUSA
    Muthoot Finserve USA Inc. {formerly
    Royal Exchange (USA) Inc.} MUTUSA
    UAE Exchange Centre LLC, UAE UAEECL
    Wall Street Exchange Centre LLC,
    UAE WSEUAE
    Western Union Financial Services
    Incorporated, USA WUFUSA
    TReDS (list of authorised TReDS entities); A.TREDS Limited ATREDS
    Mynd Solutions Private Limited MTREDS
    Receivables Exchange of India
    Limited (RXIL) RTREADS
    Instant Money Transfer Operators – Not
    Applicable;
    Instant Money Transfer Operators –
    Not Applicable; IMTP-NA
    Intra-Bank – Not Applicable; Intra-Bank – Not Applicable; INTRA-NA
    Others – Not Applicable; Others – Not Applicable; OTH-NA
    Payment Channel Used
    Payment Channel Code Payment Channel Used
    BRN Branch
    INT Internet (Online)
    MBL Mobile
    ITB Internet Banking
    MOB Mobile Banking
    ATM ATM
    POS POS
    BCA BC Agent
    IVR IVR
    MOT MOTO
    OTH Others
    Nature of Fraud
    Fraud Nature Code Nature of Fraud
    ACH Account Hacking / Compromise / Identity theft
    PHH Phishing
    RMD Remote Capture of Device
    LSI Lost / Stolen Device / Instrument
    CRS Card Skimming
    VIS Vishing
    SMI Smishing
    SIS SIM Swap
    WBC Website Cloning / Fraudulent Link
    FRA Fraudulent App
    EHC Email Hacking / Compromise
    FMP Forgery / Modification of Payment
    MRC Merchant Collusion
    CLR Collect Payment Request
    OTH Other

Leave a Reply

Your email address will not be published. Required fields are marked *