OB-2.2.3

Location:

Versions

Past version: Effective from 01 Dec 2018 to 30 Jun 2021
To view other versions open the versions tab on the right

PISPs and AISPs must adopt security measures that meet the following requirements:

(a) the authentication code generated must be specific to the payment transaction and the payee agreed to by the payer when initiating the transaction; and

(b) the authentication code accepted by the licensee maintaining customer account corresponds to the original specific amount of the payment transaction and to the payee agreed to by the payer;

(c) a SMS message must be sent to the customer upon accessing the online portal or application and when a transaction is initiated and executed;

(d) any change to the amount or the payee must result in the invalidation of the authentication code generated.

Added: December 2018