The SBP directed banks and microfinance banks alike to carryout extensive vulnerability assessment and penetration testing to identify potential weaknesses in their Alternate Delivery Channels (ADCs) and payment systems, such as card systems, RTGS, SWIFT, Internet/mobile banking, and agent-based/Branchless Banking. The assessment reports, as well as action plans and timelines to address the vulnerabilities, are to be submitted to Payment Systems Department (PSD) by 31 March 2019. Also, by 31 December 2019, banks should arrange independent 3rd party review of their Alternate Delivery Channels (ADCs) and payment .
Moreover, starting from 1 January 2019, banks should send free of cost transaction alerts to their customers through both SMS and email for all international and domestic digital transactions including ATM, POS, and Internet banking transactions. By 31 January 2019, the card issuing banks must deploy real-time fraud monitoring tools and alert mechanisms, in order to detect potential fraudulent activities on their Card Systems.
Banks and microfinance banks (MFBs) are to activate online banking services, and will be solely responsible for ensuring customer authentication for activation of any ADC. Any loss of customer funds due to false activation of any ADCs should be compensated by the respective bank or MFB.
The card-issuing banks are asked to acquire or upgrade the capability to enable their customers to activate or block their cards for online or cross-border transactions. They should also replace all existing payment cards – except social transfer cards – with EMV chip-and-PIN payment cards by 30 June 2019.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now