(1) The institution shall regularly monitor or test the security policies, frameworks and measures or mechanisms adopted for the purpose of operating the payment system or provide payment services and keep the details of payments and transactions and related information and records safe.
(2) In addition to official or certified computer systems (certified software and hardware) and secure data systems (secure database, data backup, data center) for the security, privacy and reliability of the payment system, the organization has a damage recovery system (disaster) to minimize potential damage. recovery system) should be arranged.
(3) Name, address, account number, transaction date, amount of transaction, type of money transfer, account to which the customer has transferred money and details of amount, payment or order given by the customer to transfer money, The balance statement and other specified details and records shall be preserved for the period specified by the bank.