Enhanced bank security requirements of BSP Circular 808

The Bangko Sentral ng Pilipinas recently issued a circular requiring all BSP-supervised institutions to implement 3DES and EMV in particular, along with a reporting framework for improving IT security in general.

Presentation Transcript

  • Simoun Ung
      ◦ Chairman, AmCham Security Disaster Resource Group Committee
      ◦ Vice Chairman, Bastion Payment Systems Corporation

  • Approved by BSP 1 AUG 2013
  • Board-approved migration plan must be submitted to BSP no later than 1 FEB 2014, six months from circular date
  • Compliance required no later than 1 JAN 2015

  • Enhanced information-technology risk management (ITRM) framework;
  • Updates I.T.-related portions of current Manual of Regulations for Banks (MORB);
  • Aims to strengthen the retail electronic payment infrastructure of the nation;
  • Aims to enhance protection against ATM and credit card fraud.

  • The new regulation covers:
      ◦ All banks;
      ◦ Non-bank financial institutions;
      ◦ Electronic money issuers;
      ◦ Other non-bank entities subject to BSP supervision or regulation.

  • Requires overall alignment of IT governance and models with overall business strategy and risk management/mitigation;
  • Requires maintenance of a risk identification and assessment process to continually look at threats and address them;

  • Establishment of an overall IT risk mitigation strategy, customized to the threats likely to face the institution:
      ◦ Information security;
      ◦ Project management, acquisition and change management;
      ◦ I.T. operations;
      ◦ I.T. outsourcing and vendor management;
      ◦ Electronic products and services.

  • 3DES: Triple Data Encryption Algorithm applied thrice to each data block
  • Requires implementation of end-to-end Triple DES for all ATMs by 1 JAN 2015
  • New ATMs installed should be Triple DES compliant

  • EMV: Europay, MasterCard and Visa originated standard for integrated circuit cards
  • EMV chip cards must be implemented by 1 JAN 2017;
  • Implementation plans must be submitted by 1 FEB 2014, six months from date of circular.

  • Cloud security and its effect on our services and security;
  • Payment Card Industry Data Security Standards (PCI DSS)
  • Card Not Present Transactions;
  • EMV Security and Organized Criminal Groups;
  • ATM Security and Organized Criminal Groups;
  • Other threats