Updated: Feb 21, 2021
October 06, 2020
TO : All PDDTS Participant Banks/Institutions
RE : SECURITY PRACTICES IN PDDTS AND THE ADOPTION OF ST3 TOKENS IN PLACE OF SSL CERTIFICATES
1. PCHC currently maintains a standards-based security model to ensure that access to the PDDTS application is
secure and meets regulatory requirements in relation to Information Security.
2. In addition to the conventional security measures such as the use of passwords and dual authentication
(maker/authorizer) features of PDDTS, access to the PCHC is also secured by SSL over TLS (Secure Sockets Layer
over Transport Layer Security) and all data sent to/from PCHC's servers are encrypted.
3. PCHC uses Two-Factor Authentication to provide an additional layer of security that are over and above the
minimum requirements to ensure the security and integrity of all its running applications. The same objective has
been mandated for PDDTS RTGS.
4. Prior to its launch on August 17, 2020 PCHC adopted the use of SSL certificates in lieu of ST3 tokens to still enable
Two-Factor Authentication as availability of the latter cannot be assured due to pandemic. However, PDDTS
participating banks/institutions raised some challenges in the installation and use of the SSL certificates, thus
necessitating the suspension of its use in vie of the need for the PDDTS RTGS under PCHC to already go live.
5. PCHC has considered Users' relevant feedback and after post evaluation, decided that implementing ST3 tokens
offers a more reliable and secure platform that should be adopted in PDDTS.
6. As such, PCHC will require all participant banks to use the ST3 tokens to align with the Two-Factor Authentication
that was mandated for PDDTS. That being said, each user defined in PDDTS must have an ST3 token to be able to
access PDDTS once the Two-Factor Authentication is implemented.
7. We are now in the process of acquiring the ST3 tokens from our supplier and will issue these tokens based on the
order it receives from the participant banks. Cost of each token will be published in a separate memo.
8. Users that already have ST3 tokens used in PESONet may use the same tokens in the PDDTS by indication the same
on the attached order form.
9. Kindly accomplish the attached order form and submit via email addressed to Mr. Renie Sugano at
firstname.lastname@example.org on or before October 22, 2020.
10. Upon issuance, banks will be requested to test the ST3 tokens against the PDDTS UAT website at
https://pddtsuat.pchcdev.com and a Sign-off will be requested from the relevant users. Once PCHC receives the
sign-off for all users issued ST3 tokens, it will determine a date when to enable Two-Factor Authentication in
11. We count on the full support of all PDDTS participants on the mandatory use of ST3 tokens.