SIO-9.7.2
Stablecoin issuers must use multi-factor authentication (two or more factors) to authenticate the identity and authorisation of clients with whom it conducts business. Licensees must, at a minimum, establish adequate security features for client authentication including the use of at least two of the following three elements:
(a) Knowledge (something that only the user knows), such as a pin or password;
(b) Possession (something only the user possesses such as a mobile phone, smart watch, smart card or a token; and
(c) Inherence (something that the user is), such as fingerprint, facial recognition, voice patterns, DNA signature and iris format.
Added: July 2025