Chapter I General Provisions
Article 1 These Guidelines are formulated for the purpose of regulating and guiding the sound development of electronic payment, protecting the lawful rights and interests of the parties concerned, guarding against the payment risks and ensuring the security of banks and their customers’ funds.
Article 2 The term “electronic payment” refers to such an act in which an entity or individual (hereinafter referred to as the Customer) directly sends out payment instructions via electronic terminals or authorizes any other to do so in order to conduct the payment of currencies and transfer of funds.
The electronic payment can, in terms of the methods for sending out electronic payment instructions, be divided into network payment, payment via telephone, mobile payment, businesses by point of sale terminals, businesses by automatic teller machines and other electronic payment methods.
The Electronic payment services conducted by banking financial institutions within the territory of China (hereinafter referred to as the Banks) shall be governed by these Guidelines.
Article 3 The bank shall, when conducting Electronic payment services, abide by the relevant laws and administrative regulations of the state, and shall not damage the interests of the customers and the public.
Where the bank and any other institution cooperate to conduct Electronic payment services, the qualification of the cooperating institution shall comply with the relevant laws and rules, and the bank shall, according to the principle of fair dealing, conclude a written agreement within it and establish a corresponding supervisory mechanism.
Article 4 A customer shall, when conducting an electronic payment transaction, open a bank settlement account (hereinafter referred to as the account) in the bank, and the opening and use of the account shall comply with the prescriptions in the Measures for the Administration of RMB Bank Settlement Accounts and the Provisions on the Administration of Foreign Exchange Accounts Opened within the Territory of China.
Article 5 An electronic payment instruction can exchange with a paper payment voucher, and both two have the same force.
Article 6 The following terms in these Guidelines shall have the meanings herein defined:
(1)The term “initiating bank” refers to the bank that accepts the customer’s entrustment for sending out electronic payment instructions.
(2)The term “receiving bank” refers to the opening bank of the receiver of an electronic payment instruction; or the beneficiary’s bank as determined in an electronic payment instruction if the receiver has not opened an account in any bank.
(3)The term “electronic terminal” refers to the computer, telephone, point of sale terminal, automatic teller machine, mobile communication device or any other electronic equipment by which a customer can send out electronic payment instructions.
Chapter II Application for Electronic Payment Services
Article 7 The bank shall, according to the principle of prudence, determine the conditions for the customers conducting Electronic payment services.
Article 8 The bank conducting Electronic payment services shall disclose the following information:
(1) the name , business address and contact method of the bank;
(2) conditions for the customers to transact Electronic payment services;
(3) varieties of Electronic payment services provided thereby, operational procedures and charging rates, etc.;
(4) all potential risks in each variety of Electronic payment services, including operational risks of the aforesaid variety, security measures that have not been adopted, as well as loopholes due to the fact that the security measures can not be adopted;
(5) potential risks that may exist when the customers use the varieties of Electronic payment services;
(6) the warning information on reminding the customers of proper protection, use or authorization to others for using access devices (such as cards, passwords, secret keys and data on electronic signature) for Electronic payment services; and
(7) methods for solving disputes and errors.
Article 9 The bank shall carefully examine and verify the basic customer data on applying for conducting Electronic payment services, and conclude agreements with the customers in a written or electronic manner.
The bank shall, according to the requirements for the administration of financial archives, properly keep the application materials of any customer for five years after the customer cancels the electronic payment transaction.
Article 10 When the bank conducts Electronic payment services for any customer, it shall, according to the nature of the customer, type of electronic payment and amount of payment, etc., stipulate a proper authentication method with the customer, such as passwords, secret keys, digital certificate, electronic signature, etc..
The stipulation and use of authentication methods shall be governed by the provisions in the Law of the People’s Republic of China on Electronic Signature and other laws and regulations.
Article 11 When the bank requires a customer to provide the relevant materials and information, it shall inform the customer of the purpose and scope of using the provided information, security protection measures, as well as the consequences if the customer fails to provide or faithfully provides the relevant materials.
Article 12 A customer may designate an account for Electronic payment services among the bank settlement accounts that have already been opened thereby. The aforesaid account can also be used for other payment settlement businesses.
Any bank settlement account that is not designated by the customer can not be used for conducting Electronic payment services.
Article 13 An electronic payment agreement concluded between a customer and a bank shall include:
(1) the name and number of the account designated by the customer for Electronic payment services;
(2) the customer shall guarantee the payment capacity of the account for Electronic payment services;
(3) the electronic payment method, dealing rules and authentication method as stipulated by both parties;
(4) the duty of confidentiality of the bank to the application materials and other information as provided by the customer;
(5) the bank shall provide the time and method for transaction log as required by the customer; and
(6) the handling of disputes or errors and the liability of compensation for damage.
Article 14 If it is under any of the following circumstances, a customer shall file an electronic or written application with the bank in a timely manner:
(1) The electronic payment agreement is terminated;
(2) The basic materials of the customer are altered;
(3) The authentication method as stipulated needs to be altered;
(4) The materials or access devices for Electronic payment services are stolen or lost; or
(5) Any other circumstance as stipulated by the customer with the bank.
Article 15 In case customer makes use of electronic payment method to conduct any activity in violation of the laws or regulations of the state, the bank shall stop handling Electronic payment services for the aforesaid customer as required by the competent department.
Chapter III Initiation and Receipt of Electronic Payment Instructions
Article 16 A customer shall, under the agreement concluded with the initiating bank, send out an electronic payment instruction.
Article 17 The initiating bank for an electronic payment instruction shall establish necessary security programs so as to confirm the customer’ status and the electronic payment instruction, and work out log files, which shall be kept for five years after the transaction.
Article 18 The initiating bank shall take effective measures to remind customers to confirm the accuracy and integrity of instructions before a customer sends out an electronic payment instruction.
Article 19 The initiating bank shall ensure that electronic payment instructions sent out by the customer be correctly implemented, and can provide paper or electronic acknowledgements of transactions to the customers after the confirmation of electronic payment instructions.
After the initiating bank implements an electronic payment instruction that has passed the security programs, the customer shall not require to alter or cancel the electronic payment instruction.
Article 20 The initiating bank and the receiving bank shall ensure the follow-up audit and tamper-proof of electronic payment instructions as transmitted.
Article 21 The initiating bank and the receiving bank shall, according to the agreement, timely transmit, receive and implement electronic payment instructions, and give replies for confirmation.
Article 22 Where an electronic payment instruction needs to be converted into a paper payment voucher, the paper payment voucher shall include (the concrete format shall be determined by the bank):
(1) the name and seal of the payer’s opening bank;
(2) the name and account of the payer;
(3) the name of the receiving bank;
(4)the name and account of the payee;
(5) the amount in figures and the amount in words; and
(6) the date of initiation and the serial number of the transaction.
Chapter IV Security Control
Article 23 The information security standards, technical standards and business operational standards, etc. as adopted by the bank for conducting Electronic payment services shall comply with the relevant provisions.
Article 24 The bank shall establish an effective management system against the risks relating to Electronic payment services.
Article 25 The bank may, according to the principle of prudence and on the basis of different customers, reasonably limit the types of electronic payment, amount of a single transaction, and daily accumulative payment amount, etc..
A bank conducts Electronic payment services for individual customers through internet, except for safety certification methods such as digital certificates, electronic signature, etc., single amount shall not exceed RMB1, 000, and daily accumulated amount shall not exceed RMB5,000 Yuan.
A bank conducts Electronic payment services for customers, the single amount of the money paid by unit customers from their bank settlement account to individual bank settlement account shall not exceed RMB50,000 Yuan, unless the customers could provide effective payment evidences in advance as stipulated by the bank and customers through agreement.
The bank shall set up the limit for network payment transactions for customers’ selection within the credit limit of customers’ credit card, but the limit shall not exceed the cash advance limit of the credit card.
Article 26 The bank shall ensure the safety of electronic payment business processing system, guarantee the non-repudiation of important transaction data, the completeness of data storage, and the authenticity of customers’ identity, and properly manage the certification data such as password and cipher key, etc. used in the electronic payment business processing system.
Article 27 The bank shall not exceed the scope permitted by laws and regulations and authorized by customers in terms of using customer data and transaction records, etc.
The bank shall keep secrete customers’ data and information as well as transaction records according to laws. Unless otherwise specified in national laws and administrative rules, the bank shall refuse the inquiry of any unit or individual person other than customers.
Article 28 The bank shall stipulate with customers to provide customers with transaction records, balance and account state, etc. in time or periodically.
Article 29 The bank shall adopt necessary measures to protect the completeness and reliability of electronic payment transaction data:
(1) making corresponding risk control policies to prevent intentional or unintentional changes endangering the completeness and reliability of data in the Electronic payment services processing system, and making effective business capacity and business continuity plan and emergency plan;
(2) ensuring effective sensing on any random change in the design of electronic payment transactions and data recording program;
(3) effectively preventing electronic payment transaction data from being distorted in transferring, processing, storage, utilization and revision; and ensuring the sensing on any distortion to electronic payment transaction data through transaction processing, monitoring and data recording functions;
(4) properly keeping electronic payment transaction data with paper medium or magnetic medium for 5 years, and ensuring them to be convenient for reference according to the requirements on accounting archives management.
Article 30 The bank shall adopt necessary measures to keep secret electronic payment transaction data:
(1) executing reasonable authorization and confirmation for access to electronic payment transaction data;
(2) electronic payment transaction data shall be kept with safe methods, and shall be prevented from being referred to at random or being intercepted illegally in transmission through public, private or internal networks;
(3) a third party’s acquisition of electronic payment transaction data must comply with the regulations of related laws and rules, as well as the bank’s standards and control systems about data utilization and protection;
(4) the access to electronic payment transaction data shall be registered, and the registration shall be ensured not to be falsified.
Article 31 The bank shall ensure to reasonably control the authorization to the operators, management personnel and system service providers of the electronic payment business processing system:
(1) ensure to keep the certification data necessary for entering into electronic payment business account or sensitive system from being falsified and destroyed. Such falsification shall be available to be sensed, and auditing supervision shall correctly reflect the attempt to such falsification.
(2) any inquiry, addition, deletion or modification to certification data shall obtain necessary authorization, and shall have log record unavailable to be distorted.
Article 32 The bank shall adopt effective measures to ensure the separation of responsibilities in electronic payment business processing system:
(1) testing the electronic payment business processing system, and ensuring the separation of responsibilities;
(2) maintaining the separated state of the personnel developing, managing and operating electronic payment business processing system;
(3) the design of transaction procedure and internal control system shall ensure that any individual employee and external service provider could not complete a transaction independently.
Article 33 The bank may outsource partial electronic payment services to legal and professionalized service organs according to related regulations, but the bank’s obligations and corresponding responsibilities toward customers shall not be transferred due to the establishment of contracting relations.
The bank shall sign an agreement with professionalized service organs related to developing Electronic payment services, and establish a set of comprehensive and continuous procedures to manage the contracting relations.
Article 34 In case the bank adopts digital certificate or electronic signature to conduct customer identity certification and transaction authorization, it is proposed to arrange a third party certification organ to provide certification services. In case some customers suffer from losses due to conducting transactions according to the certification services, and the certification service organ could not prove that it is innocent, it shall undertake corresponding liabilities according to laws.
Article 35 The RMB electronic payment transaction information processing and capital liquidation occurring at home shall be completed at home.
Article 36 The electronic payment business processing system of the bank shall ensure to completely record and disclose the electronic payment transaction information according to related laws and rules.
Article 37 The bank shall establish a report system of important matters in operation of Electronic payment services, and report to supervision department any item endangering the safety in the operation of Electronic payment services.
Chapter V Error Treatment
Article 38 The error treatment of Electronic payment services shall persist in the principles of being true, correct and timely.
Article 39 The bank shall designat corresponding department and business personnel to take charge of error treatment of Electronic payment services, and make clear their rights and responsibilities.
Article 40 The bank shall properly keep the transaction records of Electronic payment services, record and register the errors in Electronic payment services in detail. Here, the recorded contents shall include the time and contents of errors, the name of treatment department and personnel, customer data, influences or losses of errors, reasons of errors, and treatment result, etc.
Article 41 In case customer data and information are disclosed or falsified due to the improper keeping and utilization of the bank, the bank shall adopt effective measures to prevent customers’ losses resulting from hereof, and inform an assist customers for remedy in time.
Article 42 In case the bank causes that the electronic payment instructions are falsified or couldn’t be transmitted on time or completely, and brings losses to customers due to the reasons of its own system, internal control system, or third party service organ providing services for it, the bank shall honor its liabilities as regulated.
In case customers suffer from losses due to the reasons of a third party service organ, the bank shall compensate customers, and conduct recourse according to the agreement with this third party service organ.
Article 43 In case the receiving bank fails to execute, or execute properly or on schedule the electronic payment instructions due to the reasons of its own system or internal control system, etc., and makes that customers’ money not remitted to account correctly, the receiving bank shall make corrections in time.
Article 44 Customers shall properly keep and use electronic payment transaction access tools. In case related electronic payment business materials and access tools are stolen or lost, customers shall inform the bank in time according to the stipulated methods and procedures.
Article 45 In case people other than capital owner steal others’ access tools to send out electronic payment instructions, and their identity certification and transaction authorization are conducted through the safety program of the initiating bank, the initiating bank shall actively cooperate with customers to find out the reasons, and try to reduce customers’ losses.
Article 46 In case customers discover that they fail to conduct operations as regulated, or the electronic payment instructions are not executed, or not executed properly or on schedule due to their own other reasons, they shall notify the bank according to the stipulated producers and method within the time regulated in the agreement. The bank shall develop positive investigations and inform customers of the investigation results.
Article 47 In case the electronic payment instructions are not executed, or not executed properly or on schedule due to force majeure, the bank shall adopt positive measures to prevent the expansion of losses.
Article VI Supplementary Provisions
Article 48 The Guidelines shall be interpreted and amended by the People’s Bank of China.
Article 49 The Guidelines shall be executed since the date of issuance.