Trading Member’s attention is drawn to SEBI circular SEBI/HO/MIRSD/CIR/PB/2018/147 dated December 03, 2018, on Cyber Security & Cyber Resilience framework for Stockbrokers, wherein all Trading Members were required to mandatorily implement two-factor authentication on application offered by Members to customers through Internet Based Trading (IBT) and Securities Trading through Wireless Technology (STWT).

In joint consultation with SEBI and Exchanges, it is hereby clarified that, in addition to user ID, Trading Members shall preferably use biometric authentication as one of the authentication factors, along with any one of the below-mentioned factors:

1.  Knowledge factor (something only the user knows): - for e.g., Password, PIN.

2. Possession factor (something only the user has): - for e.g., OTP, security token, authenticator apps on smartphones etc. In case of OTP, the same should be sent to clients through both email and SMS on their registered email ID and Mobile number.

In cases, where biometric authentication is not possible, Trading Members shall use both the aforementioned factors (Knowledge factor and Possession factor), in addition to the user ID, for 2-factor authentication (2FA). It is to be noted that the abovementioned authentication shall be implemented on every login session by the client to IBT and STWT.

The above guidelines shall be implemented latest by September 30, 2022.

Trading Members are requested to take note of the same and comply accordingly.

Abhijit Pai                                                              Bina Khaneria                                            

Dy.Gen.Manager                                                  Assoc. Manager

Membership Compliance &                               Membership Compliance

Investor Services