Bangladesh Bank on Thursday issued an integrated order on ICT security for banks and non-bank financial institutions for ensuring security and minimising risks in card-based transactions.
The central bank issued the guidelines by consolidating all previous guidelines and circulars on the subject.
According to the guidelines, banks and NBFIs must use the National Payment Switch Bangladesh for conducting all card-based domestic inter-bank transactions.
Banks and NBFIs must introduce personal identification number-based transactions through cards by December 2017.
Clients will have to be informed about the transactions instantly through SMS alert service.
Card-based transactions of the banks must be certified by the Payment Card Industry-Data Security Standard (PCI-DSS) by December, 2018, the guidelines said.
All automated teller machines of banks having membership of NPSB must be connected with the NPSB network and every ATM-based transaction should be completed using the network.
Newly established ATMs must have EMVCo-compliant or chip card operation, anti-skimming, PIN guard and encrypted PIN pad technology.
Banks will also have to include the new technology in the existing ATMs by December, 2017.
Banks will have to preserve the video footage of transactions at ATM booths for at least one year: three months online and the remaining months in archived form.
They will also have to monitor the footage properly and take steps if anything doubtful is found.
Banks and NBFIs will connect their POS machines with the NPSB before December, 2017 and conduct transactions through the network.
All transactions through POS should be PIN-based; cardholders will provide the PIN, and the transaction will be completed through an online PIN authorisation process.
The central bank also made the manual key entry during pre-authorisation of POS for all transactions except online hotel booking and purchase of domestic air ticket.
Banks will also have to introduce a one-time password, two-factor authentication or additional-factor authentication system by December 2017 for account or card-based transactions made online or through an e-payment gateway, the guidelines said.
All such transactions must be settled in domestic currency.
All banks and NBFIs will have to prepare a policy on cyber security governance and a plan to fight cyber threats after analysing cyber risks, the guidelines said.