Banks should establish an effective risk management system related to electronic payment business activities.
According to the principle of prudence, banks should reasonably limit the types of electronic payment, single payment amount and daily cumulative payment amount for different customers.
When a bank handles electronic payment services for individual customers through the Internet, the single amount shall not exceed RMB 1,000, and the daily cumulative amount shall not exceed RMB 5,000, except where security authentication methods such as digital certificates and electronic signatures are used.
When a bank handles electronic payment business for its customers, the amount paid by an enterprise customer from its bank settlement account to an individual bank settlement account shall not exceed 50,000 yuan, except where, by agreement between the bank and the customer, an effective payment basis can be provided in advance.
Banks should set a limit for online payment transactions, within the credit line of the customer's credit card, for customers to choose, but this limit shall not exceed the cash line of the credit card.
Banks should ensure the security of the electronic payment business processing system, ensure the non-repudiation of important transaction data, the integrity of data storage and the authenticity of customer identity, and properly manage the authentication data such as passwords and keys used in the electronic payment business processing system.
The use of customer information and transaction records by banks shall not exceed the scope permitted by laws and regulations and authorized by customers.
Banks should keep confidential the information and transaction records of customers according to law. Unless otherwise stipulated by national laws and administrative regulations, banks should refuse inquiries from any unit or individual other than the customer himself.
Banks should make an agreement with customers to provide customers with information such as transaction records, fund balance and account status in a timely or regular manner.
Banks should take necessary measures to protect the integrity and reliability of electronic payment transaction data.
Banks should take necessary measures to keep electronic payment transaction data confidential.
Banks should ensure that the operators, managers and system service providers of the electronic payment business processing system have reasonable authorization control:
Banks can outsource some of their electronic payment services to lawful professional service organizations according to relevant regulations, but the obligations and corresponding responsibilities of banks to customers are not transferred by the establishment of an outsourcing relationship.
Banks should sign agreements with professional service organizations related to electronic payment business, and establish a set of comprehensive and continuous procedures to manage their outsourcing relationship.
If the bank uses digital certificates or electronic signatures for customer identity authentication and transaction authorization, it is recommended that a lawful third-party certification institution provide the certification services. If a customer suffers losses due to a transaction based on certification services, and the certification service institution cannot prove that it was not at fault, it shall bear corresponding responsibilities according to law.
Information processing and fund settlement of RMB electronic payment transactions in China should be completed in China.
The bank's electronic payment business processing system shall ensure the complete recording and disclosure of electronic payment transaction information in accordance with relevant laws and regulations.
Banks should establish a reporting system for major events in the operation of electronic payment business, and timely report to the regulatory authorities the events that endanger security in the operation of electronic payment business.