Licensees must take appropriate measures to authenticate the identity and authorisation of customers when the customer accesses the online or digital platform or when a transaction is initiated on the platform.
Licensees must, at a minimum, establish adequate security features for customer authentication including the use of at least two different elements out of the following three elements:
(a) Knowledge (something only the user knows), such as pin or password;
(b) Possession (something only the user possesses) such as mobile phone, smart watch, smart card or a token; and
(c) Inherence (something the user is), such as fingerprint, facial recognition, voice patterns, DNA signature and iris format.
Added: July 2023
