
💼 1 Products and services delivered via digital channels can introduce additional information security vulnerabilities which, if exploited, could result in potentially material information security incidents impacting beneficiaries. APRA-regulated entities would typically implement preventative, detective and response controls commensurate with these risks. Common controls include:

  • Contextual name: 💼 1 Products and services delivered via digital channels can introduce additional information security vulnerabilities which, if exploited, could result in potentially material information security incidents impacting beneficiaries. APRA-regulated entities would typically implement preventative, detective and response controls commensurate with these risks. Common controls include:
  • ID: /frameworks/apra-cpg-234/f/1
  • Located in: 💼 Attachment F - Customer security

Description

Empty...

Similar

  • Internal
    • ID: dec-c-235f7606

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 a. authentication controls commensurate with the vulnerability and threats associated with the products and services offered. This could include usage of a second channel notification/confirmation of events (e.g. account transfers, new payees, change of address, access from an unrecognised device);
💼 b. limits to ensure losses are within risk tolerances (e.g. transfer limits, daily transaction limits);
💼 c. transaction activity monitoring to detect unusual patterns of behaviour and review of loss event trends which may trigger the need for additional controls (e.g. fraud and theft losses); regular review of customer education and security advice to ensure that it remains adequate and aligned with common industry practice;
💼 d. documented and communicated procedures for incident monitoring and management of fraud, data leakage and identity theft;
💼 e. minimising the collection of sensitive customer information beyond what is relevant to the business activities undertaken. This includes customer information used for the purposes of authentication, such as passwords/PINs.