On Jun. 21, MAC MA reminded re enhanced measures implementation.
MAC MA urged banks to implement measures on further enhancement of bank card security and customer protection by Dec. 31, or be subject to further supervision.
Document dated Jun. 21, 2024, received from MAC MA Aug. 20, summarized Aug. 22.
Background
MAC MA issued measures to enhance bank card security on Dec. 28, 2023 and required financial institutions to implement the enhanced measures by Jun. 30, 2024.
However, some banks have not yet implemented measures due to limited resources.
MAC MA urged those banks to implement the enhanced measures by Dec. 31, 2024.
Enhanced Measures
When customers bind their bank cards to near field communication (NFC) mobile payment tool, additional verification methods are required besides one-time passcode.
When customers activate the card, banks shall disclose the credit limit to customers.
The activation of the default card-not-present transaction function on the bank card should only come after customer explicitly agrees to the credit limit and the function.
Allow customers to set available limits on card-not-present transactions if possible.
Provide multiple channels for customers to reduce credit limit, cancel or restart the cardless transaction function, immediately freeze or report loss of the bank card.
For double verification of transactions, verification methods such as biometric verification/mobile security codes, that can better resist fraud such as phishing or malware should be provided, instead of one-time SMS verification.
Improve the monitoring system to make better use of transaction-related information obtained from card organizations, such as information provided by 3DS 2.0 mechanism.
If a suspected fraudulent transaction is detected, besides the two-factor verification, the customer's confirmation should be obtained through one more verification method.
Effectiveness
Banks that have not done so are expected to implement measures by Dec. 31, 2024.
