Location: Central Bank of Bahrain Volume 5—Specialised Licensees > Specific Modules (By Type of Licensee) > Type 7: Ancillary Service Providers > Part A > Business Standards > OB Open Banking Module > OB-2 Operating Rules > OB-2.2 Standards for Authentication and Communication > Secure authentication > OB-2.2.1
  • Secure authentication

    • OB-2.2.1

      AISPs and PISPs must have in place a strong customer authentication process and ensure the following:

      (a) no information on any of the elements of the strong customer authentication can be derived from the disclosure of the authentication code;
      (b) it is not possible to generate a new authentication code based on the knowledge of any other code previously generated; and
      (c) the authentication code cannot be forged.
      Added: December 2018

    • OB-2.2.2

      The CBB will consider application of quantitative thresholds below which the strong customer authentication requirements may be simplified on a case-by-case basis.

      Added: December 2018

    • OB-2.2.3

      PISPs and AISPs must adopt security measures that meet the following requirements:

      (a) the authentication code generated must be specific to the payment transaction and the payee agreed to by the payer when initiating the transaction;
      (b) the authentication code accepted by the licensee maintaining customer account corresponds to the original specific amount of the payment transaction and to the payee agreed to by the payer;
      (c) an SMS message must be sent to the customer upon accessing the online portal or application and when a transaction is initiated and executed; and
      (d) any change to the amount or the payee must result in the invalidation of the authentication code generated.
      Added: December 2018
