New Central Bank Measures to Reinforce e-Payment Security

On July 9, 2021, the Argentine Central Bank (the “BCRA,” after its acronym in Spanish) published a press release on its website announcing that payment service providers offering payment accounts and financial institutions will now have to implement a series of new measures to reinforce the security of digital payments. Subsequently, through the issuance of two communiques, the BCRA made these guidelines effective.

First, Communique “A” 7326 of July 8, 2021, stipulated that, starting August 1, notifications from financial institutions to their customers for immediate debit payment services (“DEBIN,” after its acronym in Spanish) must be made electronically using any of the means of communication these institutions normally use with their clients, including e-mail, text message or any application that generates notifications on mobile devices on the receiving customer’s side.

In the notification, banks are required to alert their customers that if their DEBIN is accepted, funds will be withdrawn from their accounts and remitted to the originator of the DEBIN order.

Then, on July 12, 2021, the BCRA issued Communique “A” 7328, whereby it established that payment service providers that offer payment accounts (“PSPOCP,” after its acronym in Spanish) may allow those accounts to have more than one account holder.

In addition, the BCRA stipulated that financial entities and PSPOCPs that provide “digital wallets” or similar services must:

1. Comply, for the opening of payment accounts, with the KYC standards and requirements that the BCRA establishes for the opening of savings accounts.

2. Link to digital wallets only those payment instruments or accounts whose holder (or one of the co-holders) is the same as the holder of the “digital wallet.”

3. Use strong authentication mechanisms (2FA) for accessing the wallet.

Finally, the deadline for the implementation of these requirements is August 1, 2021 for new accounts and October 31, 2021 for the accounts that were already open at the time the communique was published.