LogoRegulatory Alerts
2022-01-01

Circular No. 22/2022: Access Control to Credit Information Systems

The Palestine Monetary Authority issued Circular No. 22/2022 mandating enhanced security protocols for bank access to credit information systems, effective June 12, 2022. The directive requires institutions to implement continuous email-based authentication codes valid for three minutes, enforce mandatory password changes every 60 days with strict complexity rules, and configure automatic session locks after twenty minutes of inactivity. Additionally, banks must suspend accounts after five failed login attempts, require explicit logout procedures, and instruct all users to clear browser data upon implementation.

Palestine Monetary Authority logo

Palestine

Palestine Monetary Authority

Click to view thumbnail

Palestine Monetary Authority PALESTINE MONETARY AUTHORITY

Circular No. (22/2022) To all banks operating in Palestine Date: Sunday, June 05, 2022

Subject: Access Control to Credit Information Systems

In order to enhance the protection level of credit information systems and strengthen the management of banks' operational risk environment, and based on Palestine Monetary Authority Circular No. (2016/154), please be informed of the following updates to the access mechanisms for credit information systems.

  1. Verification and Protection of System Access: An authentication window will appear upon opening the system browser and will continuously prompt for an authentication code, which will be sent via email to the user. The authentication code will be valid for 3 minutes from the time the automated email is sent to the user. Consequently, user system managers are required to verify previously entered user data, specifically the email addresses.
  2. Password Change: Users are required to change their password upon first use of the systems. The mandatory password change screen will appear for existing users starting from June 12, 2022, and upon each reactivation of a username. Additionally, users are required to change their password every 60 days, with a reminder message displayed to users 10 days before the password expires.
  3. Password Requirements: A strong password must be created, consisting of at least eight characters, including (a number, a symbol, lowercase letters, uppercase letters). Users must avoid using personal data or information found in the username, and must not reuse any of the last four passwords previously used.
  4. Automatic System Logout: System screens will automatically lock when the user stops interacting with the screens for more than twenty minutes.

www.pma.ps Ramallah & Al-Bireh Governorate - Palestine P.O. Box 452 Tel: +970 2 2415251 | Fax: +970 2 2415310 Gaza - Palestine P.O. Box 4026 Tel: +970 8 2825713 | Fax: +970 8 2844487

  1. Failed Login Attempts: The username will be suspended and access to the systems restricted if the password is entered incorrectly five times. It will be reactivated by the bank's user system manager through a new screen added to the user system named (User Activation), which does not require Palestine Monetary Authority approval for activation.
  2. System Logout: Upon finishing system use, users are required to log out via the top-left corner of the screen (logout icon) and not by closing the browser.
  3. Clear Browsing Data: All users must clear their browser's browsing data on the morning of Sunday, June 12, 2022.

Please comply with the above guidelines starting from June 12, 2022, and disseminate them to all users of the credit information systems. For any inquiries, please contact the Financial Stability Group / Analysis and Compliance Unit.

Financial Stability Group Palestine Monetary Authority

www.pma.ps Ramallah & Al-Bireh Governorate - Palestine P.O. Box 452 Tel: +970 2 2415251 | Fax: +970 2 2415310 Gaza - Palestine P.O. Box 4026 Tel: +970 8 2825713 | Fax: +970 8 2844487

Share