OB-1.1.12
A PISP must establish payment initiation procedures to ensure:
(a) that a customer's personalised security credentials are:
i. not accessible to other parties, with the exception of the issuer of the credentials; and
ii. transmitted through safe and efficient channels;
(b) that any other information about a customer is not provided to any person except a payee, and is provided to the payee only with the customer's explicit consent;
(c) that each time a customer initiates a payment order, identify himself to the PISP, the licensee with whom he maintains the account in a secure way;
(d) that it will not store sensitive data (such as customer security credentials or other personalized data, the holding of which is not authorized by the customer, and data which may be used by the holder for unauthorized, fraudulent or illegal activity or transactions) of the customer;
(e) that it will not use or access any information for any purpose except for the provision of a payment initiation service explicitly requested by a payer;
(f) that it cannot and does not change the amount, the payee or any other feature of a transaction notified to it by the customer.
Added: December 2018