Central Bank of Argentina establishes new measures for digital wallets
On February 24, 2022, the Board of Directors of the Central Bank of Argentina (in Spanish, Banco Central de la República Argentina, “BCRA”) adopted a series of measures to improve the security of digital wallets. Through Communication “A” 7462 and Communication “A” 7463, the BCRA established new technical requirements for Payment Service Providers (PSP) and financial entities that offer digital wallet services. In that sense, the BCRA reinforces the measures previously adopted in relation to customer authentication and payment authorization instructions.
The BCRA defined the “digital wallet” service, also known as “electronic wallet” or “virtual wallet”, as the service offered by a financial entity or PSP through an application in a mobile device or web browser that must allow, among other transactions, to make payments with transfer (PWT) and/or with other payment instruments, such as debit, credit, purchase or prepaid cards.
Pursuant to these new provisions, both PSPs and financial institutions are required to obtain a certification issued by the BCRA to provide the transfer payment services. In addition, both PSPs and financial institutions must be registered with the Registry of Interoperable Digital Wallets. As from May 2022, the administrators of electronic transfer schemes (in charge of defining the rules of the software program and responsible for its compliance with the legal and regulatory framework in force) will not be able to process payments with QR codes if they cannot be read by all the registered digital wallets.
When dealing with immediate transfers, PSPs and financial institutions must implement mechanisms to detect suspicious or unusual users’ activities in order to mitigate the risk of fraud. Each immediate transfer scheme (systems of commercial, technical and/or operational rules that make possible the operation of the electronic payment instrument) must identify the responsibilities of each participant (payer, payee, and one or more financial institutions or PSPs) and the relationship with the other schemes involved in fraud management. Customer services dealing with fraud claims shall be in charge of the affected account provider. A procedure that allow a planned and coordinated management among the participants involved shall be created for the resolution of claims (unauthorized, fraudulent, erroneous, or failed payments, etc.). Likewise, maximum response terms shall be defined and published in all cases.
Regarding prevention and management rules, the BCRA sets forth organizational guidelines for each of the participants of the transfer schemes: the payer, payee, and one or more financial institutions or PSPs. Its main purpose is to respond to customer fraud claims. These guidelines are aligned with the Bank for International Settlements (BIS) document “CPMI Fast Payments – Enhancing the speed and availability of retail payments”, which warns of the main risks faced by immediate payment systems, including cybersecurity contingencies and exposure to fraud.
PSPs and financial institutions will have 180 days from the issuance of the rule to adjust their systems to the new regulations.
For further information contact: firstname.lastname@example.org.