Financial Services & Fintech

MFSA issues Rules on Security of Internet Payments of Credit, Payment and Electronic Money Institutions

25 Aug 2015

< 1 min read

The rules establish a set of minimum requirements in the field of security internet payments, in line with the Payment Services Directive (Directive 2007/64/EC). A number of requirements for payment services, together with obligations of payment service providers are introduced.

These rules apply to:

  1. Credit Institutions licensed in terms of the Banking Act;
  2. Payment Institutions licensed in terms of the Financial Institutions Act in order to undertake Activity 4 and/or Activity 10 in the first Schedule to the said Act; and

Rule FIR/04 is to be read in tandem with the EBA Guidelines and came into force on the 7th of August 2015.

The guidelines tackle in particular:

  • Incident monitoring and reporting
  • Risk control and mitigation
  • Initial customer identification and information
  • Strong customer authentication
  • Login attempts, session time out and validity of authentication
  • Customer awareness, education and communication

The rules can be accessed here.

For further information about how GVZH Advocates can help you with your Financial Services requirements kindly contact us here.