The Shanghai Head Office of the People's Bank of China ("PBC"); all branches and operations offices of the PBC; all central sub-branches of the PBC in capital cities of provinces (autonomous regions) and sub-provincial cities; China Development Bank; all policy banks, state-owned commercial banks, and joint-stock commercial banks; and Postal Savings Bank of China:
Recently, cases involving fraudulent access to inquiry user names and passwords and other information in the basic database of financial credit information (hereinafter referred to as the “credit reference system”) have occurred in many financial institutions. By impersonating the staff of headquarters of financial institutions, lawbreakers contacted the credit reference personnel of branch offices of financial institutions through virtual phone numbers and asked for their inquiry user names and passwords and other information on the grounds of credit reference system anomalies, system upgrading, joint debugging and testing, and internal management enhancement, among others. After accomplishing such fraud, they ran inquiries for a large number of personal credit reports within a short period of time, posing a significant threat to the security of personal credit information. For the purposes of preventing relevant risks and ensuring the security of personal credit information, you are hereby notified of the related work requirements as follows:
I. All institutions with access to the credit reference system shall pay close attention to the risks of leakage of user information in the credit reference system, and effectively manage the related risks. The managerial personnel of an institution at a higher level shall not, through informal channels such as telephone, SMS and internal messaging tools, require credit reference personnel of an institution at a lower level to provide credit reference system administrator, inquiry user and other information on the grounds of system upgrading, joint debugging and testing and system failures. Credit reference system users shall be warned not to provide or lend their user names and passwords to others. The staff of institutions with access to the credit reference system shall not provide sites, Internet access or technology for, or otherwise facilitate, credit reference system inquiries by others.
II. Each institution with access to the credit reference system shall conscientiously screen for the risks of leakage of information on credit reference system users. If any leakage of user information has occurred, the institution shall carefully check all credit reference system inquiries related to the users since the leakage, and report the relevant information to the local branch office of the PBC in a timely manner. If it is discovered in the screening process that any user information in the credit reference system has been fraudulently accessed by telecommunication means, the institution shall take timely risk prevention measures, report to the local branch office of the PBC, and when necessary, report the case to the public security authority.
III. PBC branch offices at all levels shall further enhance their safety management of credit reference system users of institutions with access to the system within their respective jurisdictions, make arrangements for these institutions to thoroughly screen for risks of user information leakage, supervise them in conscientiously completing the relevant work, and strictly prevent events of personal information leakage.
The Shanghai Head Office of the PBC, all branches and operations offices of the PBC, and all central sub-branches of the PBC in capital cities of provinces (autonomous regions) and sub-provincial cities shall forward this Notice to all institutions with access to the credit reference system within their respective jurisdictions.
Contact: Sun Yi, Tel: 010-66199408
The General Administration Department of the People's Bank of China
August 2, 2017