Skip to content
Electronic Financial Transactions Act

Electronic Financial Transactions Act

Electronic Financial Transactions Act

Electronic Financial Transactions Act

1. Overview: The Electronic Financial Transactions Act, securing safety and trust in digital finance

    flowchart LR
    A["Traditional financial transactions"] -- "Transition to a secure digital finance infrastructure" --> B["Electronic Financial Transactions Act"]
  

Definition: A law enacted to clarify the legal relationships of electronic financial transactions and to promote the development of the financial industry by ensuring safety and trustworthiness.

Characteristics: (Market-entry regulation) Establishes safe market-participation criteria by defining registration and licensing requirements for electronic financial business operators. (User protection) Clearly defines obligations for accident liability, dispute resolution, and damage compensation to protect users. (Financial security baseline) Serves as the parent law of the Electronic Financial Supervisory Regulations, providing the legal basis for technical and administrative security standards.


2. Structure and Key Regulatory System of the Electronic Financial Transactions Act

A. Three Core Pillars of Electronic Financial Security

    flowchart TD
    subgraph EFTA["Ensuring Safety of Electronic Financial Transactions"]
        A["Confidentiality<br/>preventing information leaks"]
        B["Integrity<br/>preventing tampering<br/>of transaction data"]
        C["Availability<br/>uninterrupted service"]
    end

    REG["Electronic Financial Supervisory Regulations"]
    REG --> EFTA
    
    style EFTA fill:#F9FAFB,stroke:#374151
  
Core AreaKey RequirementsRelated Technology/Procedure
AuthenticationVerifying user identity and confirming transaction intentAccredited certificates (and alternatives), OTP, biometric authentication
SecurityPreventing hacking and protecting electronic dataFirewalls, IPS, network segregation (logical/physical)
TraceabilityCreating and retaining transaction recordsLog analysis, anti-tampering technology

B. Network Segregation and Financial Security Governance

    flowchart LR
    subgraph INT["Internal Network"]
        SV["Operations servers / DB"]
        PC1["Business PCs"]
    end

    subgraph EXT["External Network"]
        WEB["Web servers"]
        PC2["Internet-facing PCs"]
    end

    INT <-->|"VDI / inter-network data transfer"| EXT

    style INT fill:#E3F2FD,stroke:#1976D2
    style EXT fill:#FFEBEE,stroke:#D32F2F
  
Key SystemDetailsNotes
Network segregationSeparates the business network from the internet network to block external attacksMandatory physical/logical network segregation
Strict liabilityFinancial companies bear no-fault liability principle when incidents occurStrengthens user protection
CISOChief Information Security Officer overseeing information securityMandatory appointment above a certain organizational size

3. Application and Response Direction for the Electronic Financial Transactions Act

CategoryKey Response MeasuresExpected Effect and Use
ComplianceRegular security vulnerability checks and auditsPrepares for regulator inspections and avoids sanctions
Adopting new technologyComplying with open banking and cloud-usage standardsSupports market entry and service innovation for fintech/techfin companies
Incident responseBuilding and drilling a disaster-recovery (DR) centerEnsures business continuity (BCP) during emergencies and maintains customer trust