Versions

 

OB-2.2.9

For the purpose of Paragraph OB-2.2.8, AISPs and PISPs must ensure that each of the following requirements are met:

(a) personalised security credentials are masked when displayed and not readable in their full extent when input by the customer during the authentication;
(b) personalised security credentials in data format, as well as cryptographic materials related to the encryption of the personalised security credentials are not stored in plaintext;
(c) secret cryptographic material is protected from unauthorised disclosure.
Added: December 2018