On Apr. 14, PAK CB announced digital banking security measures.
PAK CB announced measures to enhance the security of digital banking products/services.
Measures
Adoption of digitization needs to be supplemented with necessary controls to mitigate the risk of fraud, and banks are encouraged to implement appropriate controls.
Banks/MFBs are advised to develop a comprehensive plan with monthly milestones.
Such plans must be duly approved by the CEO and submitted to the relevant PAK CB banking supervision department by May 14, 2023, and must be implemented by Dec. 31, 2023.
Thereafter, a monthly progress report shall be submitted to the concerned banking supervision department within 10 days from the close of each calendar month.
Banks/MFBs failing to implement such controls within the stipulated timeline are liable to compensate their victim customers within 3 working days of the reporting of fraud.
Dec. 2024 Customer Notifications
On Dec. 10, 2024, PAK CB issued a circular stating that banks/micro-finance banks (MFBs) that have implemented the specified measures can replace SMS-based one-time passwords (OTPs) for financial transactions with transaction PIN or financial PIN functionality.
Free transactional alerts can be sent via push notifications, in-app notifications, or email.
Banks/MFBs must ensure that in-app and push notifications are always enabled on customers' mobile apps, and must maintain logs of all transaction notifications for dispute resolution.
Customer notifications for financial transactions must adhere to the templates (Annex A).
In cases of fraud or unauthorized transactions via mobile apps, banks/MFBs are responsible for compensating affected customers under BPRD circular no. 4.
These new instructions will take effect on Jan. 1, 2025.