• Secure Authentication

    • RM-1.5.7

      Licensees must take appropriate measures to authenticate the identity and authorisation of customers when the customer accesses the online or digital platform or when a transaction is initiated on the platform.

      Licensees must, at a minimum, establish adequate security features for customer authentication including the use of at least two different elements out of the following three elements:

      (a) Knowledge (something only the user knows), such as PIN or password;
      (b) Possession (something only the user possesses), such as mobile phone, smart watch, smart card or a token; and
      (c) Inherence (something the user is), such as fingerprint, facial recognition, voice patterns, DNA signature and iris format.

      Added: July 2023

    • RM-1.5.8

      For the purpose of Paragraph RM-1.5.7, licensees must ensure that the authentication elements are independent from each other, in that the breach of one does not compromise the reliability of the others and are sufficiently complex to prevent forgery.

      Added: July 2023

    • RM-1.5.9

      For the purposes of Subparagraph RM-1.5.7 (b), where a customer’s mobile device is registered/marked as ‘trusted’ using knowledge, biometric or other authentication methods through the licensee’s application, the use of such mobile device would be considered as meeting the ‘possession’ element for authentication of future access or transactions using that device.

      Added: July 2023