Use simple understandable language when providing customer security advice.


CONTROL ID
13685
CONTROL TYPE
Communicate
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Provide customer security advice, as necessary., CC ID: 13674

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • AIs should warn their e-banking customers of the customers' obligations to take reasonable security precautions to protect the devices they use in e-banking and keep the passwords they use for accessing e-banking secure and secret. AIs should also observe the relevant provisions set out in the Code … (§ 4.4.1, Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, v.2)
  • AIs should warn their e-banking customers of the customers' obligations to take reasonable security precautions to protect the devices and the authentication factors (e.g. passwords and authentication tokens) used by the customers in the e-banking services. AIs should also observe the relevant provi… (§ 4.3.1, Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, V.3)
  • For disclosure of information, graphical representation and other proper means should be used to help users to easily understand the information. (P114.2., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • When communicating with customers in relation to IT security precautions and policies, it would be more effective if regulated institutions used plain language. In addition, it is normally preferable to use consistent information across all communication channels (e.g. websites, account statements, … (Attachment E ¶ 4, APRA Prudential Practice Guide 234: Management of security risk in information and information technology, May 2013)