Enhanced bank security requirements of BSP Circular 808
The Bangko Sentral ng Pilipinas recently issued a circular requiring all BSP-supervised institutions to implement 3DES and EMV in particular, along with a reporting framework for improving IT security in general.
Simoun Ung
Chairman, AmCham Security Disaster Resource Group Committee
Vice Chairman, Bastion Payment Systems Corporation
Approved by BSP 1 AUG 2013;
Board-approved migration plan must be submitted to BSP no later than 1 FEB 2014, six months from circular date;
Compliance required no later than 1 JAN 2015.
Enhanced information-technology risk management (ITRM) framework;
Updates I.T. related portions of current Manual of Regulations for Banks (MORB);
Aims to strengthen the retail electronic payment infrastructure of the nation;
Aims to enhance protection against ATM and credit card fraud.
The new regulation covers:
All banks;
Non-bank financial institutions;
Electronic money issuers;
Other non-bank entities subject to BSP supervision or regulation.
Requires overall alignment of IT governance and models with overall business strategy and risk management/mitigation;
Requires maintenance of a risk identification and assessment process to continually look at threats and address them;
Establishment of an overall IT risk mitigation strategy, customized to the threats likely to face the institution:
Information security;
Project management, acquisition and change management;
I.T. operations;
I.T. outsourcing and vendor management;
Electronic products and services.
3DES: Triple Data Encryption Algorithm, the DES cipher applied three times to each data block;
Requires implementation of end-to-end Triple DES for all ATMs by 1 JAN 2015;
New ATMs installed should be Triple DES compliant.
EMV: Europay, MasterCard and Visa originated standard for integrated circuit cards;
EMV chip cards must be implemented by 1 JAN 2017;
Implementation plans must be submitted by 1 FEB 2014, six months from date of circular.
Cloud security and its effect on our services and security;
Payment Card Industry Data Security Standards (PCI DSS);
Card Not Present Transactions;
EMV Security and Organized Criminal Groups;
ATM Security and Organized Criminal Groups;
Other threats.