PDDTS MC 2020-62

Updated: Feb 21, 2021

October 06, 2020


TO : All PDDTS Participant Banks/Institutions


RE : SECURITY PRACTICES IN PDDTS AND THE ADOPTION OF ST3 TOKENS IN PLACE OF SSL CERTIFICATES


1. PCHC currently maintains a standards-based security model to ensure that access to the PDDTS application is secure and meets regulatory requirements in relation to Information Security.


2. In addition to the conventional security measures such as the use of passwords and dual authentication (maker/authorizer) features of PDDTS, access to the PCHC is also secured by SSL over TLS (Secure Sockets Layer over Transport Layer Security) and all data sent to/from PCHC's servers are encrypted.


3. PCHC uses Two-Factor Authentication to provide an additional layer of security that is over and above the minimum requirements to ensure the security and integrity of all its running applications. The same objective has been mandated for PDDTS RTGS.


4. Prior to its launch on August 17, 2020, PCHC adopted the use of SSL certificates in lieu of ST3 tokens to still enable Two-Factor Authentication, as availability of the latter could not be assured due to the pandemic. However, PDDTS participating banks/institutions raised some challenges in the installation and use of the SSL certificates, thus necessitating the suspension of their use in view of the need for the PDDTS RTGS under PCHC to already go live.


5. PCHC has considered users' relevant feedback and, after post-evaluation, decided that implementing ST3 tokens offers a more reliable and secure platform that should be adopted in PDDTS.


6. As such, PCHC will require all participant banks to use the ST3 tokens to align with the Two-Factor Authentication that was mandated for PDDTS. That being said, each user defined in PDDTS must have an ST3 token to be able to access PDDTS once the Two-Factor Authentication is implemented.


7. We are now in the process of acquiring the ST3 tokens from our supplier and will issue these tokens based on the orders received from the participant banks. Cost of each token will be published in a separate memo.


8. Users that already have ST3 tokens used in PESONet may use the same tokens in the PDDTS by indicating the same on the attached order form.


9. Kindly accomplish the attached order form and submit via email addressed to Mr. Renie Sugano at reniesugano@pchc.com.ph on or before October 22, 2020.


10. Upon issuance, banks will be requested to test the ST3 tokens against the PDDTS UAT website at https://pddtsuat.pchcdev.com and a sign-off will be requested from the relevant users. Once PCHC receives the sign-off for all users issued ST3 tokens, it will determine a date when to enable Two-Factor Authentication in PDDTS.


11. We count on the full support of all PDDTS participants on the mandatory use of ST3 tokens.

