Banks warned on transaction security
BANKS will be liable for “serious” offenses they fail to adopt multi-factor authentication (MFA) for card transactions, the Bangko Sentral ng Pilipinas (BSP) said.
In a memorandum, central bank Deputy Governor Chuchi Fonacier noted that the September 30 deadline - tons (BSFIs) to adopt MFA techniques had lapsed.
“In this regard, the BSP reiterates that non-compliance with the aforementioned requirement shall be clas
Alternatively, Fonacier said nonor partially-compliant BSFIs should undertake the following pending full implementation of MFA solutions:
• disable functionalities used to facilitate sensitive communications and/or high risk transactions; or
• implement acceptable interim/ compensating controls to mitigate the risk of fraud and protect cardholders.
The Bangko Sentral ordered the adoption of MFA in response to increasingly sophisticated cyberattacks directed at fund transfers, payments and other online transactions.
It expects cyber attackers to come up with new schemes as the banking industry adopts chip-based or EMV technology for automated teller machines (ATMs) and credit cards and drops the use of magnetic stripes.
The regulator had said that with the ongoing migration to EMV technology, cyber attackers face reduced fraud opportunities using traditional schemes that require customers to physically present or use their cards at ATMs and point of sales terminals.
It expects cyber attacks to zero-in on card-not-present (CNP) transactions, similar to the experience of other countries that have adopted EMV
B3