It is now mandatory for banks, financial institutions and their clients to employ so-called multifactor authentication systems when transacting online, as a countermeasure against a feared surge of cyber attacks in the country.
This was learned from the Bangko Sentral ng Pilipinas (BSP), which put out a statement on Thursday reiterating the critical importance of a multifactor authentication system for all engagements online.
Such a system requires the skillful use of two or more authentication factors in all online engagements to ensure a safe, hassle- and fraud-free experience over the Internet.
Authentication factors include a password or the personal identification number, or PIN, of the account; possession of a payment card; a one-time password generated through a security token and sent via SMS or text; and the use of something inherent to the user, such as a fingerprint and retinal pattern.
“This provides for a more reliable authentication method and a stronger fraud-deterrent mechanism that limits unauthorized access; and protects the integrity of customer data and transaction details. This, in turn, contributes to increased customer confidence leading to more prevalent usage of digital financial services, which is aligned with the National Retail Payment Systems objective of a cash-light economy by 2020,” the BSP said.
The monetary authorities said banks and financial institutions have until the end of September this year to implement the multifactor authentication system in their online transactions. The authorities also require banks to submit a plan of action with specific timelines, as well as the status of initiatives being undertaken, to achieve full compliance starting next month.
The central bank said the new regulation was in response to the increasing propensity and sophistication of cyber attacks involving fund transfers, payments and other transactions via online channels.
“With the ongoing migration to EMV [Europay, Mastercard and Visa] technology, cyber attackers face reduced fraud opportunities in traditional schemes, which require customers to physically present their payment cards or the so-called card-present transactions in automated teller machine and/or point-of-sale terminals. Similar to the experience of other countries that have adopted EMV technology, the BSP is then expecting an upsurge of cyber attacks targeting card-not-present [CNP] transactions in the Philippines,” the BSP said.
EMV, which stands for Europay, Mastercard and Visa, refers to the shift to a chip-driven and ostensibly more secure global standard for credit- and debit-card transactions. The system that preceded it was the magnetic-stripe variety.
CNP transactions make use of Internet or mobile applications to engage in activities, such as fund transfers and payment of utility bills, through a bank’s online banking system. Examples include buying airline tickets, booking hotel reservations, tours and tickets, shopping online and a host of other activities on e-commerce websites and other online or mobile platforms.