Back Custom print Link Text Only Rich Text Print

  • GR-12.1 GR-12.1 Electronic Frauds

    • GR-12.1.1

      PSPs must implement enhanced fraud monitoring of movements in customers’ accounts to guard against electronic frauds using various tools and measures, such as limits in value, volume and velocity.

      Added: January 2021

    • GR-12.1.2

      PSPs must have in place customer awareness communications, pre and post onboarding process, using video calls, short videos or pop-up messages, to alert and warn natural persons using online channels or applications about the risk of electronic frauds, and emphasise the need to secure their personal credentials and not share them with anyone, online or offline.

      Added: January 2021

    • Secure Authentication

      • GR-12.1.3

        PSPs and crowdfunding platform operators must take appropriate measures to authenticate the identity and authorisation of customers when the customer accesses the online or digital platform or when a transaction is initiated on the platform. Licensees must, at a minimum, establish adequate security features for customer authentication including the use of at least two different elements out of the following three elements:

        (a) Knowledge (something only the user knows), such as PIN or password;
        (b) Possession (something only the user possesses) such as mobile phone, smart watch, smart card or a token; and
        (c) Inherence (something the user is), such as fingerprint, facial recognition, voice patterns, DNA signature and iris format.
        Added: July 2023

      • GR-12.1.4

        For the purpose of Paragraph GR-12.1.3, licensees must ensure that the authentication elements are independent from each other, in that the breach of one does not compromise the reliability of the others and are sufficiently complex to prevent forgery.

        Added: July 2023

      • GR-12.1.5

        For the purposes of Subparagraph GR-12.1.3 (b), where a customer’s mobile device is registered/marked as ‘trusted’ using knowledge, biometric or other authentication methods through the licensee’s application, the use of such mobile device would be considered as meeting the ‘possession’ element for authentication of future access or transactions using that device.

        Added: July 2023