The machines through which financial transactions and mercantile activities move must already be triple-data-encryption-compliant beginning January 1, according to the Bangko Sentral ng Pilipinas (BSP).
Beyond the transition to the so-called triple-data-encryption standard, or 3DES, the various merchants, banks and financial institutions that use automated teller machines (ATMs) and point-of-sale (POS) terminals must also show proof of updated service providers by next month.
Under a memorandum, all BSP-supervised financial institutions must submit a certification from vendors or from third-party service providers on the capability of their ATMs and POS devices to use the more secure encryption technology that banks are required to adopt for security reasons.
“As part of its continuing efforts to strengthen the country’s electronic retail-payment network and protect consumers against payment-card fraud, the Bangko Sentral ng Pilipinas, through the issuance of Circular 808 dated August 22, 2013, required all concerned BSP-supervised institutions to upgrade or convert their ATMs and POS system to allow the adoption of end-to-end triple-data-encryption standard by January 1, 2015,” the BSP said.
“The required upgrade covers the whole ATM/POS network, which consists of host processors, switches, host security modules, ATM and POS terminals and all communication links connected to the network,” the central bank added.
The various banks and merchants that use the machines in question are required to submit proof of systems upgrades mandated by a previous circular.
Banks are also required to submit to the central bank’s core information-technology specialist group a certification signed by their presidents and compliance officers on compliance with the implementation of the new electronic payments standard.
In case of noncompliance, a bank’s submitted certificate must indicate the reason for noncompliance, the timeline within which it is to comply and the controls in place to mitigate the risk exposure arising from the temporary nonadoption of 3DES.
Both certifications must be submitted within 20 banking days from the issuance date of the memorandum. The BSP also said it may conduct onsite validation trips to confirm industry compliance.
Financial fraud in the Philippines is not widely reported, but that did not deter the monetary authorities from adopting new-technology measures to mitigate or prevent its occurrence.
Fraud often comes in the form of skimming, or the pocketing of money from unrecorded transactions, or of billing businesses or people for services not rendered.
Financial experts have said businesses in the Philippines typically lose more or less 5 percent of their annual revenue to some form of fraud. Financial-statement fraud is said to cost businesses untold millions of pesos.