A Banking Supervision Department examination showed that IsraCard uses a remote face-to-face identification and authentication technology for the purpose of opening an online account in order to provide loans and in order to provide settlement services to authorized merchants, without notifying the Banking Supervision Department as required by Section 76[1] of Proper Conduct of Banking Business Directive 367, and certainly without obtaining its approval as instructed in the Directive.  In view of this, the Banking Supervision Department has decided to impose a monetary sanction of NIS 700,000 on IsraCard.[2]

The Banking Supervision Department ascribes great importance to the use of innovative digital means and advanced technology in the banking system, with the proper controls to prevent the exploitation of technology for purposes of fraud and impersonation, and to uphold the laws that are inherent in offline work processes, including the Prevention of Money Laundering order and the maintenance of proper documentation.

For this purpose, and with the aim and desire to make the identification and authentication process when opening an online account as simple as possible, the Banking Supervision Department enacted an amendment to Proper Conduct of Banking Business Directive 367 on “E-Banking” in 2018.  The amendment deals with opening an online account, and enables the banking corporations to open online accounts while using remote face-to-face identification and authentication technology, subject to the appropriate controls and with prior approval from the Banking Supervision Department after it is ascertained that the controls are in place and that the laws are upheld as stated.

Supervisor of Banks Daniel Hahiashvili said: “The digital transformation of the banking system in Israel is an important and significant process, which is partly reflected in the improvement of service to the customer.  At the same time, in using innovative technologies, the banking corporations must make sure to fulfill the provisions of the laws and regulations, which are partly reflected in the secure use of such technologies.”

[1] “A banking corporation wishing to implement technology for remote face to face identification and authentication in order to open online accounts … shall notify the Banking Supervision Department in advance, presenting all the risks and means of managing them, and shall receive the approval of the Banking Supervision Department thereof.”

[2] Pursuant to the law, the maximum amount of a monetary sanction that can be imposed in respect of this type of breach is NIS 1,000,000.  However, since the Banking Supervision Department found that IsraCard stopped the use of this technology from the moment it was instructed to do so by the Banking Supervision Department, and acted to correct the defects and to obtain the necessary permit, it was decided to reduce the amount of the sanction by 30 percent, in accordance with the Banking (Maximum Rates of Reduction of Monetary Sanction Amounts) Rules, 5771–2011.