KARACHI: State Bank of Pakistan (SBP) on Thursday said that it has been made mandatory for all banks to send free of cost transaction alerts to their customers in order to ensure security of digital payments.
The SBP issued FAQs on the digital security payment, stating that banks are required to perform full-scale vulnerability assessment and penetration testing of their digital infrastructure with the objective to identify potential and inherent weaknesses in their technology platforms.
Banks shall engage independent 3rd party assessors to perform a holistic review/assessment of their digital payment infrastructure including but not limited to compromise assessment to identify already compromised systems/platforms and software applications etc.
The SBP said: “With effect from January 01, 2019, Banks/MFBs shall send free of cost transaction alerts to their customers through both SMS and email (where email IDs are available) for all international and domestic digital transactions including but not limited to ATM, POS and Internet banking transactions.”
“Such transaction alerts shall be generated and relayed to customers immediately after the execution of transaction. For this purpose, registered mobile phone numbers and valid email addresses (where applicable) of all customers shall be obtained, verified and updated in the bank/MFB’s database well before the deadline,” it added.
The SBP further said that with effect from January 01, 2019, banks/MFBs are required to send free transaction alerts for every transaction performed using digital channels including but not limited to ATM, POS and internet banking etc. within and outside Pakistan.
Implementation of this clause would require provisioning of free of cost SMS and email alert services to all existing/future customers who subscribe to electronic/digital banking services including but not limited to ATM, POS and Internet banking transactions either locally or internationally.
Banks/MFBs who have already charged fee from customers for such transaction alerts shall revert the same.
In addition, banks/MFBs can offer their customers paid SMS alert services for other in-branch transactions only if the customers so desire.
For all such transaction, banks/MFBs shall follow relevant legal/regulatory instructions alongwith proper disclosure and consent of the customer, the central bank added.
The SBP said that the banks are required to compensate customers, who suffer a financial loss, in two days in case of a compromise of banks’ systems refers to two (02) business days after the bank has established that the customer data has been compromised and caused a financial loss to the customers.