• Multi Factor Authentication

    • CRA-5.9.1

      Licensees must ensure that every client account is secured to prevent any unauthorized access to or use of the client account.

      Added: October 2023

    • CRA-5.9.2

      Licensees must use multi-factor authentication (two or more factors) to authenticate the identity and authorisation of clients with whom it conducts business. Licensees must, at a minimum, establish adequate security features for client authentication including the use of at least two of the following three elements:

      (a) Knowledge (something that only the user knows), such as a pin or password;
      (b) Possession (something only the user possesses), such as a mobile phone, smart watch, smart card or a token; and
      (c) Inherence (something that the user is), such as fingerprint, facial recognition, voice patterns, DNA signature and iris format.

      Added: October 2023

    • CRA-5.9.3

      Licensees must ensure that at least one of the factors for authentication referred to in Paragraph CRA-5.9.2 is a dynamic or non-replicable factor unless one of the factors is inherence.

      Added: October 2023

    • CRA-5.9.4

      For the purpose of CRA-5.9.2, licensees must ensure that the authentication elements are independent from each other, in that the breach of one does not compromise the reliability of the other, and are sufficiently complex to prevent forgery.

      Added: October 2023