KNF admonishes the banking sector in the context of strong authentication: “security first”!

The KNF points out in the letter that, despite intensive information campaigns, there is a noticeable “growing tendency in the number of frauds targeting consumers, often losing their life savings.” This applies both to expert users of modern technologies and to the elderly who do not have regular contact with them. First of all, the KNF expects the exemption from the use of the strong authentication mechanism provided for in the Commission Delegated Regulation (EU) 2018/389 (RTS).

Before banking customers decide to resign from strong authentication for transactions, they should accept information about the potential risk of losing funds, in this case the risk related to the exclusion of strong authorization for low-value transactions.

Additionally, applying the “security first” principle, the Polish Financial Supervision Authority expects the transaction system to include a function that allows the customer to require confirmation of each payment with strong authentication.

In the same letter, the KNF, pointing to the growing problem of phishing, strongly opposes the practice of sending customers active links to websites in e-mail messages (including links embedded in graphics) and in SMS messages. Instead, the KNF recommends switching to static information that does not generate the above-mentioned fraud risk, or providing customers with information via mobile applications and electronic banking portals.

The KNF also condemned the excessively simplified encryption of attachments sent in e-mail correspondence, using simple passwords that could be broken with standard IT tools. The risk analysis carried out by suppliers should take into account the specificity of a given communication channel and the user experience. The KNF will check that suppliers meet these standards regarding the security of clients’ funds.

Author: Piotr Glapiński, team leader, DKP Legal