Title
BSP MEMORANDUM NO. M-2014-040
Date
Oct 3, 2014
The Philippine law, BSP Memorandum Order No. M-2014-040, requires banks to implement multiple security measures, including the migration to EMV technology, to protect electronic payment cards from skimming attacks until January 1, 2017, or face potential sanctions.
Font Size:

Law Summary

Introduction

This memorandum, issued by the Bangko Sentral ng Pilipinas (BSP) on October 3, 2014, highlights the vulnerabilities of electronic payment cards to skimming attacks and the necessity for BSP-Supervised Institutions (BSIs) to adopt enhanced security measures. The migration to EMV technology is emphasized, with a deadline set for January 1, 2017.

Vulnerability and Necessity for Enhanced Security

  • Explanation: Electronic payment cards remain susceptible to fraud due to the reliance on magnetic stripe technology.
  • Key Definitions:
    • EMV: Europay, MasterCard, and Visa – a global standard for chip card technology that offers enhanced security.
  • Requirements:
    • BSIs must implement multiple layers of protection against skimming attacks as outlined in Circular No. 808.
  • Timeframes:
    • Full migration to EMV technology is required by January 1, 2017.

Security Controls for ATMs and POS Devices

Automated Teller Machines (ATMs)

  • Explanation: BSIs are required to adopt security measures specific to ATMs to combat skimming.
  • Key Requirements:
    • Locate ATMs in visible areas with adequate lighting.
    • Install surveillance cameras in high-risk areas, preserving footage for at least 30 days.
    • Conduct thorough risk assessments for ATMs and enhance programming to mask card numbers.
    • Educate customers about ATM risks and provide visible contact information for assistance.
    • Regularly inspect ATMs for security breaches.
  • Consequences: Non-compliance may lead to sanctions as per Circular No. 808.

Point-of-Sale (POS) Devices

  • Explanation: Similar security measures are mandated for POS devices to prevent skimming.
  • Key Requirements:
    • Enhance physical security around POS terminals.
    • Ensure POS devices do not expose or store sensitive information like PINs.
    • Conduct risk assessments on POS terminals.
    • Familiarize merchants with safe device operations and enforce baseline controls.

Prevention, Detection, Management, and Response to Skimming Incidents

Prevention

  • Explanation: BSIs must analyze ATM-related crimes to determine causes and implement preventive measures.
  • Key Requirements:
    • Use lessons learned from previous incidents to improve security processes.

Detection

  • Explanation: Implementation of fraud detection systems is necessary to identify suspicious activities.
  • Key Requirements:
    • Systems must feature behavioral scoring and correlation capabilities for real-time monitoring.

Management and Response

  • Explanation: Establish processes for investigating and resolving fraud-related cases.
  • Key Requirements:
    • Determine liability and compensation for affected customers promptly.
    • Implement information sharing practices among BSIs and law enforcement agencies.

Penalties and Liabilities

  • Consequences: BSIs that do not comply with the outlined measures may face monetary and non-monetary sanctions as stated in Subsection X176.9 of Circular No. 808.

Key Takeaways

  • The BSP mandates BSIs to enhance security measures against card fraud and skimming attacks, particularly for ATMs and POS devices.
  • Full compliance with the outlined security protocols is critical to mitigate risks associated with skimming and fraud.
  • Failure to adopt these measures may result in sanctions, emphasizing the importance of vigilance and proactive risk management among BSIs.

Analyze Cases Smarter, Faster
Jur is an AI-powered legal research tool in the Philippines with case digests and full jurisprudence. AI summaries highlight key points but might skip important details or context. Always check the full text for accuracy.

About Privacy Terms