| Article 37 |
(Control and management of identity verification of electronic trading)
- An organization shall establish regulations governing applications, delivery, use, update and verification of identity of electronic trading.
- An organization shall encrypt all information relating to identity verification for electronic trading transmitted via the Internet throughout the whole transmission.
- An organization shall store information relating to identity verification for electronic trading after information has been hashed or encrypted.
- An organization shall verify the identity for electronic trading at its server to avoid the risks of verification being tampered with if it is performed on the client’s device.
- An organization shall use enhanced password functionality and conduct control and management, andshall always lock an account after three failed attempts toenter the correct password have taken place.
- An organization shall provide a method allowing periodic changes of password to its clients and implement enhanced password functionality (e.g. reminding a client to change his/her password via the method for changing the password when the same password has been in use for more than three months).
- An organization shall monitor and analyze the records of failed attempts to log in an account in the core system and attempts to log in a non-client account on a daily basis.
|
|