Upload
others
View
6
Download
0
Embed Size (px)
Citation preview
IMPLEMENTING EMV CARDS:SECURING YOUR ACCOUNTS
Core Information Technology Specialist GroupBangko Sentral ng Pilipinas
13 September 2017
BACKGROUND
• Circular No. 808 dated 22 August 2013 requires all concerned BSFIs to migrate the entire payment network to EMV technology
• Circular No. 859 dated 24 November 2014 describes the detailed EMV implementation guidelines
• Memorandum No. M-2016-011 dated 31 August 2016 articulates the Chip and PIN roadmap
BACKGROUND
• Memorandum No. M-2016-013 dated 27 September 2016 requires BSFIs to submit quarterly status report on EMV migration activities
• Memorandum No. M-2016-022 dated 20 December 2016 reminds BSFIs to continue to support magstripe transactions pending EMV compliance
• Circular No. 936 dated 28 December 2016 provides guidelines on the EMV card fraud liability shift framework
LIABILITY SHIFT FRAMEWORK
POS /ATM Card Liability
Issuer
Issuer
Issuer
Acquirer
Book provisions to cover for probable skimming losses
Impose a hard deadline of 30 June 2018 to fully migrate to EMV
Intensify EMV-related public awareness programs
Impose a 10-day resolution timeline for valid claims arising from counterfeit fraud
SUPPLEMENTAL GUIDELINES ON EMVMIGRATION REQUIREMENT
EMV MIGRATION STATUS
Activities Status as of 07/31/2017
Upgrade/Enhancement of Back-end Systems
Substantially completed
Upgrade/Replacement of ATMs Substantially completed
Upgrade/Replacement of POSTerminals
Substantially completed
Replacement of Credit Cards Substantially completed
Replacement of Debit Cards Partially completed
Replacement of Prepaid Cards Partially completed
EMV IS NOT A SILVER BULLET
• Adopt multi-factor authentication techniques
• Be mindful of the risks associated with fraudulent e-mails and websites
• Implement strong security controls for systems/servers that support e-banking products and services
• Strong authentication methods for privilege users
• Ensure that outsourced providers are implementing robust security controls
• Promote a security conscious environment
Key improvements:
➢ Alignment with NIST, FFIEC andCPMI standards/frameworks
➢ Definition of cybersecurity riskmanagement controls andsupervisory expectations
➢ Requirement for behavior-based threat detection, threatintelligence and collaboration
Enhanced Information Security Guidelines
BSP CYBERSECURITY REGULATION
Expansion of e-Services (Products
and Usage)
Emergence of New and
Evolving Risks
Increasing Sophisticati
on of Threats
Technological Advances
and Innovation
Continuously enhance BSP regulatory
framework vis-à-vis emerging cyberthreats
Undertake industry-wide initiatives to promote financial system resilience
Adopt proactive supervisory monitoring
and oversight
BSP’s CYBERSECURITY ROADMAP
#secure #vigilant #resilient
THANK YOU.
"No part of this presentation may be reproduced, stored in
a retrieval system, or transmitted in any form or by any
means–electronic, mechanical, photocopying, recording or
otherwise–without prior permission of the Supervision and
Examination Sector (SES), Bangko Sentral ng Pilipinas."
Disclaimer: “The views expressed in this presentation
may contain personal opinions and may not necessarily
reflect the views of the Bangko Sentral ng Pilipinas
(BSP) Management.”