BSP urges banks to intensify security framework
In an effort to lessen Credit Card/ATM-related frauds, the Bangko Sentral ng Pilipinas’ Monetary Board has given the Resolution No. 1286 or the Enhanced Information Technology Risk Management (ITRM) a go-signal, requiring all BSP-supervised institutions (BSIs) to improve their current their current security framework.
By January 1, 2015, the Central Bank is expecting all BSIs to adopt a 3DES (Triple Data Encryption Standard) in all of their ATM networks. Furthermore, the agency is urging these financial institutions to use the “more secure” EMV chip-enabled cards by 2017 in exchange for existing cards with magnetic-stripe technology.
Apart from addressing known security/financial threats like card skimming and cloning, BSP is also looking to improve the way these companies anticipate new threats by establishing an “overall IT risk mitigation strategy” which would encompass almost all their business processes including IT outsourcing and electronic products and services.
Consistent with international standards and best practices, the enhanced ITRM framework is expected to strengthen management of risks, security of operations and governance on IT-related activities, as well as reinforce regulations on consumer protection on electronic products and service by tackling the growing number of new and sophisticated technological threats.
– Bangko Sentral ng Pilipinas
The implementation of the enhanced ITRM framework is said to start 15 days following its publication in the Official Gazette.