What does bank card upgrade mean?

First, the bank card upgrade is generally a background system upgrade, adding some functions, which generally has nothing to do with consumers, but the bank card should be stopped when upgrading, and the time is generally around 0: 00, which will not affect the use.

Second, the banking system maintenance, generally there will be SMS tips, or announcements. Bank card is a credit payment tool issued by commercial banks, postal savings institutions and other financial institutions to the society, which has all or part of the functions of consumer credit, transfer settlement and cash deposit and withdrawal. Bank cards include credit cards and debit cards.

Extended data

First, strengthen the information security management of bank cards.

(1) Strengthen the internal control management of sensitive payment information. All commercial banks, payment institutions (non-bank payment institutions engaged in bank card acquiring business and online payment business, the same below) and bank card clearing institutions should strictly implement the Notice of the People's Bank of China on the Protection of Personal Financial Information of Banking Financial Institutions (Yinfa [20 1 1] 17), improve the internal control management system for the security of payment sensitive information, and on the 20 th.

First, it is forbidden to keep sensitive payment information (including bank card track or chip information, card verification code, card validity period, bank card password, online payment transaction password, etc.). ) is not owned by the institution. If it is really necessary to keep it, it shall be authorized by the customer himself and the account management institution.

The second is to clarify the management responsibilities of relevant posts and personnel, strictly separate incompatible posts and control information operation authority, formulate information operation processes and norms, strengthen internal supervision and accountability mechanisms, and prohibit employees from illegally storing, stealing, leaking, trading and paying sensitive information.

Third, the internal audit of payment sensitive information security is conducted at least twice a year, and a report is filed for future reference. If it is found that sensitive payment information is leaked or internal personnel operate illegally due to system loopholes, they should immediately take effective measures to prevent the risk from expanding and report to the People's Bank of China; Anyone suspected of violating the law or committing a crime shall report to the public security organ in a timely manner.

(2) Strengthen the security protection of payment sensitive information. Commercial banks and payment institutions should conduct channel encryption and two-way authentication between client software and server, and between server and server, and hash or encrypt key fields of important information to ensure the security of information transmission, storage and use. When conducting online payment services, cooperative institutions without payment business qualifications shall not be entrusted or authorized to collect sensitive payment information. Security control measures with information input security protection and instant data encryption functions should be adopted, and effective measures should be taken to prevent cooperative institutions from obtaining and retaining payment sensitive information.

(3) Full application of payment marking technology. From 20 16 12 1, all commercial banks and payment institutions should use payment tokenization technology to desensitize the bank card number, card verification code, payment account and other information of payment institutions, and control the risk of information leakage and fraudulent transactions from the source by setting domain control attributes such as transaction times, transaction amount, validity period and payment channel of payment identification.

(4) Strengthen the transaction password protection mechanism. All commercial banks and payment institutions should strengthen the protection and management of transaction passwords such as bank cards and online payment and customer safety education, strictly limit the use of initial transaction passwords and prompt customers to modify them in time, and establish a systematic verification mechanism for the complexity of transaction passwords to avoid too simple transaction passwords (such as "111"and ").

(5) Strictly regulate the outsourcing service of acquiring documents. All commercial banks and payment institutions shall strictly implement the Measures for the Administration of Bank Card acquiring business (Announcement No.9 of the People's Bank of China [20 13]) and the Notice of the People's Bank of China on Strengthening the Outsourcing Management of Bank Card acquiring business (Yinfa [20 15] 199) to ensure the security of sensitive information during acquiring.

First, the core business system operation, terminal key management, and qualification examination of special merchants shall not be handed over to outsourcing service institutions.

The second is to designate a special person to manage the terminal key and related parameters, so as to ensure that different terminals use different terminal master keys and change them regularly.

Third, it is forbidden for entity enterprises to retain payment sensitive information through agreements with online merchants and outsourcing service organizations. Fourth, at least once a year, the outsourcing service organizations, entities, and network operators are evaluated independently, and a report is formed for future reference. Those who don't abide by the relevant agreement should stop cooperating immediately.

(6) Strengthen payment innovation and standardized management. For important payment technology applications and business innovations, commercial banks and payment institutions should file with the People's Bank of China at least 30 days before the project goes online, and submit written materials such as project implementation plan and external safety assessment report. In the process of business development, we should do a good job in dynamic monitoring, evaluation and prevention and control of risks.

Two, increase the risk prevention and control of bank card Internet transactions.

(1) Strengthen the security management of client software. First, commercial banks and payment institutions should improve the security prevention and control capabilities of client software from the aspects of Trojan virus prevention, information encryption protection and trusted operating environment. The client software should be able to monitor the security status of the mobile payment environment and feed it back to the background system as the basis for risk control strategies such as restricting and refusing transactions. Second, set up a trusted logo or quick entrance for client software and official website, and inform customers of the correct identification and access methods through various channels. Third, external safety assessment must be conducted at least once a year, and a report should be filed for future reference to ensure compliance with technical standards.

(two) to strengthen the safety management of business identity certification. From 20 1 6165438+10/day, commercial banks should strictly adopt multi-factor authentication to directly identify customers and obtain customer authorization when establishing related business with payment institutions and commercial institutions based on bank cards. Identity authentication should adopt one of the following combination methods: First, digital certificate conforming to financial electronic authentication standard (JR/T 0 1 18) should be adopted, and at least one authentication factor such as transaction password should be combined. The second is to adopt the code that conforms to the Technical Specification for Dynamic Password Application (GM/T 002 1), and at least combine one authentication factor such as transaction password. Thirdly, combining at least two dynamic authentication factors (such as dynamic verification code and dynamic challenge response based on customer behavior), adopting at least two different communication channels such as voice, short message and data (such as mobile banking, instant messaging and email).

(3) Enhance the security intensity of payment transactions. First, commercial banks should establish and improve the classified management mechanism of personal bank settlement accounts in accordance with the Notice of the People's Bank of China on Improving Personal Bank Account Services and Strengthening Account Management (Yinfa [2015] No.392), guide customers to use Class II and III bank accounts to carry out micro-network payment services, and effectively prevent and control the information leakage risks of various bank accounts, especially Class I accounts. Second, when payment institutions and other partners send payment instructions to commercial banks and deduct customers' bank card funds, all commercial banks and payment institutions should strictly implement Article 10 of the Measures for the Administration of Online Payment Services of Non-bank Payment Institutions (Announcement of the People's Bank of China [20 15] No.43) and take technical measures to match the transaction verification intensity with the transaction amount to improve the transaction security.

(4) Strengthen the risk monitoring of Internet transactions. All commercial banks and payment institutions should use big data analysis, user behavior modeling and other means to establish a transaction risk monitoring model and system, timely warn abnormal transactions, and take measures such as investigation and verification, risk early warning and delayed settlement. For abnormal behaviors such as batch or high-frequency login, IP address, terminal device identification information and browser cache information should be used for comprehensive identification, and measures such as additional verification and rejection of requests should be taken in time.

(V) Strengthen linkage prevention and control of payment risks. All commercial banks and payment institutions should conscientiously implement the Notice of the People's Bank of China, the Ministry of Industry and Information Technology, the Ministry of Public Security and the State Administration for Industry and Commerce on Establishing an Emergency Payment Stopping and Quick Freezing Mechanism for Accounts Involved in New Crimes in Telecommunication Networks (Yinfa [2065438+06] No.86), access the new risk event management platform of crimes in Telecommunication Networks as required, and strengthen the management of payment stopping and freezing of accounts involved.

Third, effectively prevent the risk of fraudulent transactions of fake magnetic stripe cards.

(A) the use of financial IC cards to reduce the risk of magnetic stripe transactions. 1. As of September 1 2006, the bank cards newly issued by commercial banks based on RMB settlement accounts should be financial IC cards that conform to the China Financial Integrated Circuit (IC) Card Specification (JR/T 0025), and adopt chips that have passed the institutional security assessment approved by the CNCA department. Second, commercial banks should further strengthen the risk control of magnetic stripe transactions from the aspects of transaction channels, credit card frequency, single transaction amount, daily cumulative transaction amount and transaction area. For suspicious transactions, transaction confirmation and risk warning should be made through SMS, telephone and client software. From May 20 17 1 day, the magnetic stripe transaction of chip magnetic stripe composite card was completely closed. Third, commercial banks should take measures such as changing cards without changing numbers and issuing cards in real time to speed up the progress of replacing existing magnetic stripe cards with financial ic cards.

(2) Strengthen the safety management of accepting terminals. All commercial banks and payment institutions should strengthen safety management in terms of product selection, acceptance and on-site inspection. To ensure that the technical standards of the terminal meet the requirements. Bank card clearing institutions shall, jointly with member institutions, take technical measures such as signature and unique identification of network access terminals, strengthen the network access management of accepting terminals, and prohibit unqualified and illegally modified accepting terminals from using the network. A regular inspection mechanism shall be established for the terminals in stock, and terminal sampling inspection shall be carried out continuously to ensure the consistency between the deployed terminals and qualified samples, and the use of modified terminals shall be strictly controlled.

(3) Strengthen the real-name management of special merchants. Bank card clearing institutions shall, jointly with member institutions, establish and improve the electronic information management system of entity and network special merchants, strictly implement the relevant provisions of the real-name registration system, completely and accurately record the identity information of special merchants and their legal representatives or responsible persons, and conduct associated management on the information registered by the same special merchant in different commercial banks and payment institutions. Make full use of image acquisition, regional positioning and other technologies, adopt effective means such as multi-channel cross-verification, improve the qualification review and information update mechanism of special merchants, and continuously strengthen the information authenticity management of special merchants.

(4) Strengthen the blacklist management of illegal merchants. First, all commercial banks and payment institutions should establish and improve the blacklist management system for illegal subjects and network special merchants, and clarify the conditions and penalties for blacklist inclusion and removal. Strengthen the monitoring and inspection of special merchants. Violations such as leaking sensitive payment information, illegally modifying terminals, and participating in fake card fraud should be included in blacklist management. Depending on the seriousness of the case, strictly take disciplinary measures such as delaying settlement, suspending transactions and terminating cooperation, and promptly notify China Payment and Clearing Association and bank card clearing institutions. Second, China Payment and Clearing Association and bank card clearing institutions should establish and improve the blacklist information sharing and inquiry mechanism with commercial banks and payment institutions, increase joint punishment, and prohibit the expansion of blacklisted special merchants.

(5) Implementing the responsibility transfer system for fraud risk of fake cards. The bank card clearing institution shall, jointly with the member institutions, further implement the risk responsibility of fraudulent card in the process of accepting bank cards, and protect the rights and interests of chip transferers. Establish and improve the complaint handling mechanism, properly handle fraud risk events, and effectively protect the legitimate rights and interests of customers.

Four, strict implementation of regulations, increase supervision and punishment.

(1) Strictly implement national network security and standards and abide by relevant regulations. All commercial banks, payment institutions and bank card clearing institutions shall strictly implement the relevant provisions of the national network security and information technology security, and use commercial password products recognized by the national password management agency. One is client software, acceptance terminal, bank card, digital certificate, dynamic token device, etc. Those involved should meet the relevant standards of the state and the financial industry, and pass the institutional safety assessment recognized by the CNCA. Second, the construction and operation of business systems should meet the relevant requirements of national information security level protection. Third, according to the relevant requirements of national network security, deploy business systems and backup systems in China.

(2) Establish and improve the supervision and inspection mechanism. Branches of the People's Bank of China should attach great importance to it, make unremitting efforts, set up a leading group for bank card risk management, establish a daily supervision and inspection mechanism, incorporate the safe production of payment business systems, the security of acceptance terminals (including online payment interfaces), and the protection of sensitive payment information into law enforcement inspections, and make overall plans for guidance and coordination, policy propaganda, law enforcement inspections, and briefings.

(3) Increase penalties for violations. Branches of the People's Bank of China should strictly investigate the interruption of payment services, the disclosure of sensitive payment information and the loss of funds caused by the modification of bank card acceptance terminals, low verification intensity of payment transactions, system security loopholes and cyber attacks, and severely punish them in accordance with the relevant provisions of the Measures for the Administration of Bank Card Receipt and the Measures for the Administration of Online Payment Services of Non-bank Payment Institutions.

If the circumstances are serious, the relevant institutions, directors, senior managers and other directly responsible personnel shall be punished in accordance with Article 46 of the Law of the People's Republic of China on the People's Bank of China; Anyone suspected of committing a crime shall report to the public security organ in time. For payment institutions with serious circumstances, according to the Measures for the Administration of Payment Services of Non-financial Institutions (Order of the People's Bank of China [20 10] No.2) and the Measures for the Administration of Classification and Rating of Non-bank Payment Institutions (Yinfa [20 16] 106), the classification and rating will be reduced until the payment business license is cancelled.

(4) Strengthen industry self-discipline. China Payment and Clearing Association shall, in accordance with the requirements of this Notice and relevant regulations, formulate self-discipline norms for the risk management industry of bank cards, establish a self-discipline inspection and violation restraint mechanism, and organize the implementation after filing with the People's Bank of China before September 30, 20 16, and urge member units to strengthen self-discipline and strictly implement various regulations.

References:

Notice of the People's Bank of China on Further Strengthening the Risk Management of Bank Cards