Two factor authentication for system login and transaction authorisation can be based on any two of the following factors :
- What you know (eg. PIN)
- What you have (eg. OTP token)
- Who you are (eg. Biometrics)
What does this mean for financial institutions operating in Singapore? MAS has previously issued a circular SRD TR02/205 which requires all banks to implement 2FA for Internet Banking by end 2006. By MAS's definition, Internet Banking means:
"Internet banking refers to the provision of banking services and products via electronic delivery channels based on computer networks or internet technologies, including fixed line, cellular or wireless networks, web-based applications and mobile devices. For the purpose of this paper, the generic reference to bank or banks includes financial institutions which provide online trading or other financial services and products on the internet and interconnected networks. Where appropriate, internet banking is to be regarded as synonymous with online financial services."
In summary, as long as you provide an online banking service to your Singapore clients over the Internet, even if its non-transactional (e.g. viewing of account statements), the IBTRM requirement applies.
No comments:
Post a Comment