SBP is­sues ma­jor mea­sures against cy­ber­crime

The Gulf Today - Business - - REGION - BY TARIQ BUTT

IS­LAM­ABAD: The State Bank of Pak­istan (SBP) has is­sued a num­ber of mea­sures against cy­ber­crime to safe­guard banks and mi­cro­fi­nance banks (MFBS) and their cus­tomers from po­ten­tial frauds.

The di­rec­tive came in the af­ter­math of a Pak­istani bank re­port­ing a loss of Rs2.6 mil­lion last month.

Banks and MFBS will im­me­di­ately carry out ex­ten­sive vul­ner­a­bil­ity assess­ment and pen­e­tra­tion test­ing to iden­tify po­ten­tial weak­nesses in their Al­ter­nate De­liv­ery Chan­nels (ADCS) and pay­ment sys­tems in­clud­ing, but not lim­ited to, card sys­tems, RTGS, SWIFT, in­ter­net/mobile bank­ing and agent­based/branch­less bank­ing etc, said the SBP.

The assess­ment re­ports along with ac­tion plans and time­lines to ad­dress the vul­ner­a­bil­i­ties will be sub­mit­ted to Pay­ment Sys­tems De­part­ment (PSD) lat­est by March 31, 2019, the SBP di­rected.

In ad­di­tion, the banks will ar­range in­de­pen­dent third party au­dit of their ADCS and pay­ment sys­tems. Th­ese re­ports are to be sub­mit­ted to PSD lat­est by Dec.31, 2019.

With ef­fect from Jan.1, 2019, banks/mfbs will send free of cost trans­ac­tion alerts to their cus­tomers through both SMS and email for all in­ter­na­tional and do­mes­tic dig­i­tal trans­ac­tions, the SBP said.

It said banks will be solely re­spon­si­ble for en­sur­ing cus­tomer au­then­ti­ca­tion for ac­ti­va­tion of any ADCS. Fur­ther, any loss of cus­tomer funds due to false ac­ti­va­tion of ADCS will have to be com­pen­sated by the re­spec­tive bank/mfb.

All card-is­su­ing banks will ac­quire or up­grade the ca­pa­bil­ity to en­able their cus­tomers to ac­ti­vate or block their cards for on­line/ cross-bor­der trans­ac­tions as and when re­quired by them, lat­est by March 31, 2019. Th­ese banks will re­place all ex­ist­ing pay­ment cards (ex­cept so­cial trans­fer cards) with EMV chip-and-pin pay­ment cards lat­est by June 30, 2019.

Banks/mfbs will de­ploy re­al­time fraud mon­i­tor­ing tools and alert mech­a­nisms, prefer­ably pro­vided by their pay­ment schemes, to de­tect po­ten­tial fraud­u­lent ac­tiv­i­ties on their card sys­tems lat­est by Jan 31, 2019.

Banks will also make ar­range­ments to mon­i­tor on 24/7 ba­sis us­age/ac­tiv­ity re­gard­ing pay­ments made through their cards or on­line trans­ac­tions on in­ter­net bank­ing plat­forms.

“They will im­me­di­ately re­view their ex­ist­ing agree­ments with pay­ment schemes to iden­tify clauses that may ex­pose them to po­ten­tial fi­nan­cial, le­gal and op­er­a­tional risks aris­ing due to cy­ber-at­tacks or crimes,” said the cen­tral bank.


A man stands out­side a bank in Is­lam­abad.

Newspapers in English

Newspapers from UAE

© PressReader. All rights reserved.