Announcement of PBC No. 23 [2005]
In order to standardize e-payment businesses, prevent
e-payment risks, ensure the safety of funds, protect the legal rights of banks
and their customers in e-payment activities, promote healthy development of
e-payment businesses, the People´s Bank of China hereby formulates and now
issues the Guidance on E-payment (No.1). This announcement shall enter into
effect on its issuing date.
Guidance on E-payment
(No.1)
Chapter 1 General Provisions
Article 1 The Guidance is formulated in order
to standardize and orient healthy development of e-payment, safeguard the legal
rights of all parties concerned and ensure the safety of banks´ and customers´
funds.
Article 2 The e-payment refers to the
activities of making instructions to electronic terminals so as to effect
monetary payment and capital transfer. These activities are conducted by
institutions or individuals directly or others with their authorization.
According to the initiation modes, the types of
e-payments can be categorized as net payment, phone payment, mobile payment and
POS payment, ATM payment and other payments.
All domestic financial institutions in the banking
industry (hereinafter referred to as "banks") that are engaged in e-payment
businesses are subject to the Guidance.
Article 3 To conduct e-payment
businesses, banks shall abide by related state laws and regulations, and shall
not damage the interests of customers and the public.
For banks in cooperation with other institutions to
conduct e-payment businesses, the qualification of the cooperating institutions
shall meet the requirements of related regulations and rules. Based on the
principle of fair trading, banks shall sign written agreements with these
institutions and establish corresponding supervision mechanisms.
Article 4 Customers shall open bank settlement
accounts (hereinafter referred to as accounts) with banks to carry out
e-payment businesses. The opening and using of the accounts shall comply with
regulations such as the Administrative Rules for RMB Bank Settlement
Accounts, the Regulations on Domestic Foreign Exchange Account
Management, etc.
Article 5 The e-payment instructions and paper
payment certificates are convertible to each other and have equal validity.
Article 6 The connotations of the terms in the
Guidance are as follows:
(1) "Initiating bank" refers to the bank that makes
electronic instructions entrusted by its customers.
(2) "Receiving bank"
refers to the account-opening bank of the receivers of electronic instructions.
For receivers without accounts in banks, it refers to the remittance-receiving
bank according to the e-payment instructions.
(3) "Electronic terminal"
refers to computers, telephones, POSes, ATMs, mobile communication tools and
other electronic equipments.
Chapter 2 Application for
E-payment businesses
Article 7 Banks shall ascertain the requirements
of e-payment business customers in accordance with the principle of prudence.
Article 8 Banks engaged in e-payment
businesses shall disclose publicly the following information:
(1) Names, operating addresses
and contact details of the banks;
(2) Requirements of the
customers to conduct e-payment businesses;
(3) Products, operating
procedures and fee standards of the e-payment businesses provided;
(4) All potential risks
regarding e-payment transaction products, which include the operational risks,
safety measures yet taken and loopholes that evade any safety measures.
(5) Potential risks that shall
arise when customers use the e-payment transaction products;
(6) Alerting information for
customers to properly keep, use or authorize other people to use e-payment
transaction tools (such as card, password, private key, electronic signature
based data, etc.);
(7) Ways to handle disputes
and errors.
Article 9 Banks shall earnestly verify
customers´ basic data of application for conducting e-payment businesses, and
shall sign written or electronic agreements with customers.
Banks shall properly keep the customers´ application
data in accordance with the accounting file management requirement for a term
until 5 years after the said customers have cancelled the e-payment businesses.
Article 10 When conducting e-payment
businesses for customers, banks shall reach an agreement with customers on an
appropriate identification mode, such as password, private key, digital
certificate, electronic signature, etc., which should be based on customers´
characteristics, e-payment type, payment amount, etc.
The agreement and use of the identification mode shall
comply with the stipulations of laws and regulations such as the Electronic
Signature Law of the People´s Republic of China.
Article 11 When requesting customers
to provide related documents and information, banks shall inform customers of
the objectives and scope for using such information, safety protection measures
and the aftereffect in case customers fail to provide the true related
documents and information.
Article 12 Customers may specify
accounts for conducting e-payment businesses from all their bank settlement
accounts. Such accounts may also be used for other payment businesses.
Bank settlement accounts without customers´
specification shall not be used for e-payment businesses.
Article 13 The agreement between
customers and banks shall include the following content:
(1) The name and number of the
account specified by customers to conduct e-payment businesses;
(2) Customers shall ensure the
payment capability of the accounts used for conducting e-payment businesses;
(3) The e-payment mode,
transaction rules, identification modes agreed by both parties.
(4) The secret-keeping
obligation of banks in terms of the application data and other information
provided by customers;
(5) Time and mode of banks
providing transaction records at the request of customers;
(6) Disputes, errors handling
and indemnity liability.
Article 14 Customers shall promptly
submit electronic or written application to banks in any of the following
circumstances:
(1) Suspension of the
electronic agreement;
(2) Alteration of the
customers´ basic data;
(3) Need of a change of the agreed
identification mode;
(4) Theft or loss of related
e-payment business data, tools of depositing and withdrawing;
(5) Other circumstances agreed
between customers and banks.
Article 15 In case of customers
violating state laws and regulations via e-payment businesses, banks shall
suspend their e-payment businesses according to authoritative agencies´
requirements.
Chapter 3 Initiation and
Receipt of E-payment Instructions
Article 16 Customers shall initiate
e-payment instructions based on their agreement with the initiating bank.
Article 17 The initiating bank of
e-payment instructions shall establish necessary safety procedures, make
confirmation of the identity and electronic instructions of customers, form and
keep records such as logs for a term until 5 years after the transaction.
Article 18 Before customers make
e-payment instructions, the initiating bank shall take effective measures to
prompt customers to confirm the accuracy and completeness of such instructions.
Article 19 The initiating bank shall
ensure executing the customers´ electronic instructions correctly and being
able to provide written or electronic transaction receipts to customers after
the confirmation of the e-payment instructions.
After the initiating bank has executed e-payment
instructions following a series of safety measures, customers shall not require
an alteration or cancellation of such e-payment instructions.
Article 20 The initiating bank and
the receiving bank shall ensure that electronic instructions are traceable and
verifiable and cannot be tampered with.
Article 21 Prompt making, receiving
and executing of e-payment instructions shall be ensured between the initiating
bank and the receiving bank in accordance with their agreement.
Article 22 For electronic
instructions in need of being converted to written payment certificates, the
written payment certificates shall record the following items (banks shall
decide on their own the specific format):
(1) Name and stamp of the
payer´s account-opening bank;
(2) Name and account number of
the payer;
(3) Name of the receiving
bank;
(4) Name and account number of
the receiver;
(5) Amount in capital letters
and small letters;
(6) Initiating date and the
serial number of the transaction.
Chapter 4 Safety Control
Article 23 Banks shall conduct
e-payment businesses in accordance with related regulations regarding
information safety standards, technical standards, business standards, etc.
Article 24 Banks shall establish
effective management systems targeting risks in relation to e-payment
businesses.
Article 25 Based on the prudential
principle, banks shall make rational restrictions on e-payment mode, single
payment amount and daily accumulated payment amount targeted at different
customers.
When conducting e-payment businesses with banks,
institutional customers shall not exceed the upper limit of RMB 50,000 yuan for
each single payment from their bank settlement accounts to individual bank
settlement accounts, with the exception that when prior valid payment receipts
are available according to the contracted agreements between banks and
customers.
Within the lines of credit of the credit cards, banks
shall set the quotas of on-line payment transactions for customers to choose,
but such quotas shall not exceed the quota for pre-borrowed fund.
Article 26 Banks shall ensure the
safety of the e-payment business processing system, ensure the irrevocability
of the data of important transactions, the completeness of deposits and
withdrawals, the truthfulness of customers´ identity and properly manage
identification data such as passwords, private keys for the e-payment business
processing system.
Article 27 Banks shall not exceed
the scope approved by laws, regulations or authorized by customers.
Banks shall keep secrets regarding customers´
documents, information, transaction records, etc. Unless otherwise stipulated
in state laws and administrative regulations, banks shall refuse any
institution or individual´s request for inquiry except by the customers
themselves.
Article 28 Banks shall sign
agreements with customers to provide information such as transaction records,
capital balance, account status, etc. to customers promptly or periodically.
Article 29 Banks shall take
necessary measures to protect the integrity and reliability of e-payment
transactions data.
(1) To formulate corresponding
risk control strategies, prevent the e-payment business processing system from
purposed or incidental changes that may put the integrity and reliability at
risk, and also possess the effective business capacity, business continuity
plan and contingency plan;
(2) To ensure that the designs
of e-payment´s transactions and data-recording procedures allow any alteration
without permission to be effectively detected.
(3) To effectively prevent
e-payment transaction data from alterations without permission in the
procedures of transmitting, processing, saving, using and rectifying. All the
alterations to e-payment transaction data shall be detected via functions such
as trade processing, monitoring and data recording.
(4) To properly keep e-payment transaction
data in the form of written or magnetic media in accordance with the
requirements of accounting file management, and for a term of 5 years,
convenient for referring to.
Article 30 Banks shall take
necessary measures to keep the secrets of e-payment transaction data:
(1) Access to the e-payment transaction
data shall undergo rational authorization and confirmation;
(2) Keep the e-payment
transaction data safely and prevent them from being browsed without permission
or intercepted illegally on public, private or internal nets;
(3) The acquiring of e-payment
transaction data by a third party shall be in accordance with stipulations of
related regulations as well as banks´ standards and control system on data
using and protection.
(4) Access to e-payment transaction data
must be registered, and the registration shall not be altered without
permission.
Article 31 Banks shall ensure
rational authorization and control to operators, managers and system servers of
the e-payment business processing system.
(1) To ensure that the
identification data necessary for entering e-payment business account or other
sensitive systems not be altered without permission or damaged. Such
alterations without permission shall be detected, and attempts at such
alterations shall be reflected properly through auditing or
supervision.
(2) Any inquiry, addition,
deletion or alteration of these identification data shall have necessary
authorization, and shall be recorded in daily logs that are proof against any
alterations without permission.
Article 32 Banks shall take
effective measures to ensure the division of rights and responsibilities in the
e-payment business system:
(1) To execute testing on the
e-payment business processing system and ensure the division of rights and
responsibilities;
(2) To maintain the status of
separation of the developers and managers of the e-payment business system;
(3) The transaction procedures
and the internal control system shall ensure that no individual employee or
external service provider has the means to accomplish a transaction
independently.
Article 33 Banks shall be able to
outsource part of their e-payment businesses to legal specialized service
providers, but shall not transfer their obligations and corresponding
liabilities to customers in the meantime.
Banks shall sign agreements with specialized e-payment
business related service providers as well as establish a set of comprehensive
and durative procedures to manage their outsourcing relationships.
Article 34 For banks effecting
customers´ identification and transaction authorization via digital
certificates or electronic signatures, it is advocated that a legal third-party
identification institution shall provide such services. In case that customers
suffer loss due to the said identification services and the identification
institution fail to prove the innocence of itself, the identification
institution shall hold corresponding liabilities pursuant to law.
Article 35 The information
processing and funds clearance of domestic RMB denominated e-payment
transactions shall be completed within the territory of China.
Article 36 The e-payment business
processing system of banks shall ensure the complete record and disclosure of
e-payment transaction information pursuant to related laws and regulations.
Article 37 Banks shall establish a
major event reporting system on the operation of e-payment businesses, and
shall promptly report to supervisory agents events that put the running of
e-payment businesses in jeopardy.
Chapter 5 Errors
Handling
Article 38 The handling of errors in
e-payment businesses shall comply with the principle of truthfulness, accuracy
and promptness.
Article 39 Banks shall
designate corresponding departments and business people to be in charge of the
handling of errors in e-payment businesses and clearly define their rights as
well as responsibilities.
Article 40 Banks shall properly keep
the transaction records for e-payment businesses, maintain detailed
registrations for the errors in e-payment businesses, including the error time,
error content, name of the handling department and persons, customers´
documents, error effect, error cause, error result, etc.
Article 41 In case of leakage or
alteration without permission of customers´ documents and information due to
the improper maintenance or use by banks, banks shall take effective measures
to prevent customers from suffering losses as a result, and shall promptly
inform customers as well as provide assistance for remediation.
Article 42 If e-payment instructions
fail to be transferred on time as agreed, or are transferred incompletely or
with alteration without permission, and customers have suffered losses as a
result, which can be traced to banks´ own system, internal control rules or the
third-party service providers for the banks, banks shall make compensation to
customers as agreed.
For the customers´ losses that are traced to the
third-party service providers, banks shall make compensation first, and then
exercise their right of recourse against the third-party service providers
pursuant to the agreement.
Article 43 In case that the receiving
bank fails to execute, or execute properly, or execute on time the e-payment
instructions, which leads to the incorrect entrance of customers´ funds into
their accounts, the receiving bank shall make rectifications promptly.
Article 44 Customers shall properly
keep and use e-payment business tools of depositing and withdrawing, and shall
inform banks promptly of any theft or loss of e-payment related documents or
tools of depositing and withdrawing in the mode and procedures pursuant to the
agreement.
Article 45 In case that the
non-capital holders steal the tools of depositing and withdrawing and have made
e-payment instructions after going through the safety procedures of
identification and transaction authorization, the initiating bank shall
actively assist customers in locating the causes and reduce customers´ loss to
its best ability.
Article 46 Where customers discover
that it is due to their own faults such as operation in violation of relevant
rules that lead to non-execution, or improper execution, or deferred execution
of the e-payment instructions, customers shall inform the banks within the
agreed time and in the procedure and mode as contracted. Banks shall actively
probe into the causes and inform customers of the result.
Where banks discover that it is due to the customers´
faults that lead to the non-execution, improper execution and deferred
execution of the e-payment business instructions, banks shall take the
initiative to inform customers to make rectification and assist customers in
making remedies.
Article 47 Where the non-execution,
improper execution or deferred execution of e-payment instructions are caused
by force majeure, banks shall make active efforts to prevent the expansion of
losses.
Chapter 6 Supplementary
Provisions
Article 48 The People´s Bank of
China is responsible for interpretation and amendment of the Guidance.
Article 49 The Guidance shall enter
into effect on the date of promulgation.