IMPLEMENTING EMV CARDS:SECURING YOUR ACCOUNTS

Core Information Technology Specialist GroupBangko Sentral ng Pilipinas

13 September 2017

BACKGROUND

• Circular No. 808 dated 22 August 2013 requires all concerned BSFIs to migrate the entire payment network to EMV technology

• Circular No. 859 dated 24 November 2014 describes the detailed EMV implementation guidelines

• Memorandum No. M-2016-011 dated 31 August 2016 articulates the Chip and PIN roadmap

BACKGROUND

• Memorandum No. M-2016-013 dated 27 September 2016 requires BSFIs to submit quarterly status report on EMV migration activities

• Memorandum No. M-2016-022 dated 20 December 2016 reminds BSFIs to continue to support magstripe transactions pending EMV compliance

• Circular No. 936 dated 28 December 2016 provides guidelines on the EMV card fraud liability shift framework

LIABILITY SHIFT FRAMEWORK

POS /ATM Card Liability

Issuer

Issuer

Issuer

Acquirer

Book provisions to cover for probable skimming losses

Impose a hard deadline of 30 June 2018 to fully migrate to EMV

Intensify EMV-related public awareness programs

Impose a 10-day resolution timeline for valid claims arising from counterfeit fraud

SUPPLEMENTAL GUIDELINES ON EMVMIGRATION REQUIREMENT

EMV MIGRATION STATUS

Activities Status as of 07/31/2017

Upgrade/Enhancement of Back-end Systems

Substantially completed

Upgrade/Replacement of ATMs Substantially completed

Upgrade/Replacement of POSTerminals

Substantially completed

Replacement of Credit Cards Substantially completed

Replacement of Debit Cards Partially completed

Replacement of Prepaid Cards Partially completed

EMV IS NOT A SILVER BULLET

• Adopt multi-factor authentication techniques

• Be mindful of the risks associated with fraudulent e-mails and websites

• Implement strong security controls for systems/servers that support e-banking products and services

• Strong authentication methods for privilege users

• Ensure that outsourced providers are implementing robust security controls

• Promote a security conscious environment

Key improvements:

➢ Alignment with NIST, FFIEC andCPMI standards/frameworks

➢ Definition of cybersecurity riskmanagement controls andsupervisory expectations

➢ Requirement for behavior-based threat detection, threatintelligence and collaboration

Enhanced Information Security Guidelines

BSP CYBERSECURITY REGULATION

Expansion of e-Services (Products

and Usage)

Emergence of New and

Evolving Risks

Increasing Sophisticati

on of Threats

Technological Advances

and Innovation

Continuously enhance BSP regulatory

framework vis-à-vis emerging cyberthreats

Undertake industry-wide initiatives to promote financial system resilience

Adopt proactive supervisory monitoring

and oversight

BSP’s CYBERSECURITY ROADMAP

#secure #vigilant #resilient

THANK YOU.

"No part of this presentation may be reproduced, stored in

a retrieval system, or transmitted in any form or by any

means–electronic, mechanical, photocopying, recording or

otherwise–without prior permission of the Supervision and

Examination Sector (SES), Bangko Sentral ng Pilipinas."

Disclaimer: “The views expressed in this presentation

may contain personal opinions and may not necessarily

reflect the views of the Bangko Sentral ng Pilipinas

(BSP) Management.”