SBP issues major measures against cybercrime
ISLAMABAD: The State Bank of Pakistan (SBP) has issued a number of measures against cybercrime to safeguard banks and microfinance banks (MFBS) and their customers from potential frauds.
The directive came in the aftermath of a Pakistani bank reporting a loss of Rs2.6 million last month.
Banks and MFBS will immediately carry out extensive vulnerability assessment and penetration testing to identify potential weaknesses in their Alternate Delivery Channels (ADCS) and payment systems including, but not limited to, card systems, RTGS, SWIFT, internet/mobile banking and agentbased/branchless banking etc, said the SBP.
The assessment reports along with action plans and timelines to address the vulnerabilities will be submitted to Payment Systems Department (PSD) latest by March 31, 2019, the SBP directed.
In addition, the banks will arrange independent third party audit of their ADCS and payment systems. These reports are to be submitted to PSD latest by Dec.31, 2019.
With effect from Jan.1, 2019, banks/mfbs will send free of cost transaction alerts to their customers through both SMS and email for all international and domestic digital transactions, the SBP said.
It said banks will be solely responsible for ensuring customer authentication for activation of any ADCS. Further, any loss of customer funds due to false activation of ADCS will have to be compensated by the respective bank/mfb.
All card-issuing banks will acquire or upgrade the capability to enable their customers to activate or block their cards for online/ cross-border transactions as and when required by them, latest by March 31, 2019. These banks will replace all existing payment cards (except social transfer cards) with EMV chip-and-pin payment cards latest by June 30, 2019.
Banks/mfbs will deploy realtime fraud monitoring tools and alert mechanisms, preferably provided by their payment schemes, to detect potential fraudulent activities on their card systems latest by Jan 31, 2019.
Banks will also make arrangements to monitor on 24/7 basis usage/activity regarding payments made through their cards or online transactions on internet banking platforms.
“They will immediately review their existing agreements with payment schemes to identify clauses that may expose them to potential financial, legal and operational risks arising due to cyber-attacks or crimes,” said the central bank.
A man stands outside a bank in Islamabad.