Unofficial translation (c) Soyuzpravoinform LLC
of May 3, 2023 No. 58
About approval of the Regulations on authentication and application of the strengthened authentication in the payment market
According to Articles 7, of 15, 56 Laws of Ukraine "About the National Bank of Ukraine", article 68 of the Law of Ukraine "About payment services", for the purpose of establishment for payment service providers of requirements concerning procedure for application of authentication and the strengthened authentication and ensuring electronic interaction between subjects of payment transactions the Board of the National Bank of Ukraine decides:
1. Approve the enclosed Regulations on authentication and application of the strengthened authentication in the payment market (further - provision).
2. To department of safety (Alexander Palamarchuk) after official publication to inform participants of the payment market information on adoption of this resolution.
3. To impose control over the implementation of this resolution on the head of the National Bank of Ukraine Andrey Pyshny.
4. The resolution becomes effective from the date of, its official publication following behind day, except the Section V of the Provision which becomes effective from the date of entry into force and enforcement of Chapter 4 of the Section IV of the Law of Ukraine "About payment services".
Chairman
A.Pyshny
Approved by the Resolution of Board of the National Bank of Ukraine of May 3, 2023 No. 58
1. This Provision is developed according to the laws of Ukraine "About the National Bank of Ukraine", "About banks and banking activity", "About payment services" (further - the Law On payment services), "About information security in information and communication systems", "About the basic principles of ensuring cyber security of Ukraine", "About electronic confidential services".
Fundamental basis of this provision is the principle of technological neutrality to methods which payment service providers for the purpose of application of the strengthened authentication of users of payment services can use.
2. This Provision establishes for payment service providers of the requirement to:
1) to application of authentication of users of payment services, application of the strengthened authentication in the cases established by the Law On payment services and also in cases when payment service providers have the right not to require application of the strengthened authentication of users;
2) to protection of confidentiality and integrity of vulnerable payment data;
3) to electronic interaction in the payment market of Ukraine between subjects of payment transactions.
3. The terms used in this Provision are used in the following values:
1) activation process by means of which vulnerable payment data, devices or the software for the purposes of authentication become completely functional and ready to use by the user which has/shall have legitimate right for their use;
2) the multi-purpose device - the device (the tablet or personal computer, the mobile phone) used for authentication of the user of payment service. After application of the procedure of authentication the multi-purpose device acquires functionality of the payment device if it is necessary for provision of payment service;
3) the safe information circle - the circle in which the payment service provider provides protection of confidentiality, integrity, availability and possibility of observability of vulnerable payment data;
4) the remote channel set of the telecommunication decisions and the software intended for information exchange between territorially remote means of remote communication;
5) responsible person worker of the payment service provider, the legal entity to who maintaining on a contract basis certain direction, and/or the non-staff specialist registered as physical person subject of business activity, performing business activity without creation of the legal entity or self-employed person to who the governing body of the payment service provider assigns the corresponding functions on ensuring information security and cyberprotection and who have knowledge in spheres of information security and cyberprotection, safety of money transfer and information technologies is assigned;
6) vulnerable payment this-individual accounting information, personal cryptographic keys, passwords of access, transaction codes, other information which is specified in the payment instruction and by means of which unauthorized or fraudulent actions can be made;
7) measures of safety set of measures for fulfillment of requirements of this provision and other requirements determined by the laws of Ukraine and regulatory legal acts of the National Bank of Ukraine (further - National Bank) in the sphere of information security and cyberprotection in the payment market;
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.