The rules establish a set of minimum requirements for the security of internet payments, in line with the Payment Services Directive (Directive 2007/64/EC). They introduce a number of requirements for payment services, together with obligations of payment service providers.
These rules apply to:
- Credit Institutions licensed in terms of the Banking Act;
- Payment Institutions licensed in terms of the Financial Institutions Act in order to undertake Activity 4 and/or Activity 10 in the first Schedule to the said Act; and
Rule FIR/04 is to be read in tandem with the EBA Guidelines and came into force on the 7th of August 2015.
The guidelines tackle in particular:
- Incident monitoring and reporting
- Risk control and mitigation
- Initial customer identification and information
- Strong customer authentication
- Login attempts, session time out and validity of authentication
- Customer awareness, education and communication
The rules can be accessed here.