• Secure authentication

    • GR-6.3.12

      Conventional retail bank licensees must have in place a strong customer authentication process and ensure the following:

      (a) no information on any of the elements of the strong customer authentication can be derived from the disclosure of the authentication code;
      (b) it is not possible to generate a new authentication code based on the knowledge of any other code previously generated; and
      (c) the authentication code cannot be forged.

      Amended: July 2021
      Added: April 2019

    • GR-6.3.13

      Conventional retail bank licensees must adopt security measures that meet the following requirements for payment transactions:

      (a) the authentication code generated must be specific to the amount of the payment transaction and the payee agreed to by the payer when initiating the transaction;
      (b) the authentication code accepted by the licensee maintaining customer account corresponds to the original specific amount of the payment transaction and to the payee agreed to by the payer;
      (c) an SMS message must be sent to the customer (or through alternative means of communication for legal persons) upon accessing the online portal or application and when a transaction is initiated; and
      (d) any change to the amount or the payee must result in the invalidation of the authentication code generated.

      Amended: September 2024
      Amended: July 2021
      Added: April 2019