MFSA issues Rules on Security of Internet Payments of Credit, Payment and Electronic Money Institutions

The rules establish a set of minimum requirements in the field of security internet payments, in line with the Payment Services Directive (Directive 2007/64/EC). A number of requirements for payment services, together with obligations of payment service providers are introduced.

These rules apply to:

1. Credit Institutions licensed in terms of the Banking Act;
2. Payment Institutions licensed in terms of the Financial Institutions Act in order to undertake Activity 4 and/or Activity 10 in the first Schedule to the said Act; and

Rule FIR/04 is to be read in tandem with the EBA Guidelines and came into force on the 7th of August 2015.

The guidelines tackle in particular:

• Incident monitoring and reporting
• Risk control and mitigation
• Initial customer identification and information
• Strong customer authentication
• Login attempts, session time out and validity of authentication
• Customer awareness, education and communication

The rules can be accessed here.

For further information about how GVZH Advocates can help you with your Financial Services requirements kindly contact us here.