Monitor and review retail payment activities, as necessary.


CONTROL ID: 13541
CONTROL TYPE: Monitor and Evaluate Occurrences
CLASSIFICATION: Detective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain logging and monitoring operations., CC ID: 00637

This Control has the following implementation support Control(s):
  • Determine if high rates of retail payment activities are from Originating Depository Financial Institutions., CC ID: 13546
  • Review retail payment service reports, as necessary., CC ID: 13545


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Moreover, AIs should perform adequate identity checks when any customer requests a change to the customer's Internet banking account information (including resetting or reissuing of Internet banking password) or contact details (e.g. e-mail address, correspondence address or contact phone number) th… (§ 4.1.2, Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, v.2)
  • To ensure that transactions through ATMs and others are properly performed for duly authorized customers, proper functions should be incorporated for early identification of any unusual transactions. (P17.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Identifying all data flows for the various payment stages (for example, authorization, capture settlement, chargebacks, and refunds) and acceptance channels (for example, card-present, card-not-present, and e-commerce). (12.5.2 Bullet 1, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • Identifying all data flows for the various payment stages (for example, authorization, capture settlement, chargebacks, and refunds) and acceptance channels (for example, card-present, card-not-present, and e-commerce). (12.5.2 Bullet 1, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Identifying all data flows for the various payment stages (for example, authorization, capture settlement, chargebacks, and refunds) and acceptance channels (for example, card-present, card-not-present, and e-commerce). (12.5.2 Bullet 1, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)