Compliance Checklist — Response
To: IP Payment Solution Co., Ltd.
From: OneWallet Team
Subject: BOT Notification No. 18/2568 — Security of Financial and Payment Services on Mobile Devices for e-Money Mobile Applications
Date: 2026-04-23
Document version: 1.0
1. Impersonation Prevention (Unauthorized Transactions)
| Item | Status | Timeline |
|---|---|---|
| 1.1 Do not send links via SMS, email, or social media for identity verification (unless the user requested it) | In Progress | Before go-live (within 2 weeks) |
| 1.2 Have a process to monitor and respond to fake apps | Not Completed | Within 4 weeks |
| 1.3 Limit one user per device | Not Completed | Within 4 weeks |
| 1.4 Face verification + liveness detection for high-value transactions | In Progress | Within 6 weeks |
| 1.5 Set daily transfer limits based on risk | Completed | — |
2. Service Security
| Item | Status | Timeline |
|---|---|---|
| 2.1 Do not store sensitive data on device | Completed | — |
| 2.2 Limit sensitive display / blur screen | Not Completed | Within 2 weeks |
| 2.3 Use secure protocol + encryption | Completed | — |
| 2.4 Request only necessary permissions | In Progress | Within 1 week (permission audit) |
| 2.5 Block outdated app versions | Not Completed | Within 3 weeks |
| 2.6 Anti-tampering protection | Not Completed | Within 6 weeks |
| 2.7 Secure session management | Completed | — |
| 2.8 Protect source code | Not Completed | Within 2 weeks |
| 2.9 Block rooted/jailbroken devices | Not Completed | Within 3 weeks |
| 2.10 Block risky concurrent apps | Not Completed | Within 4 weeks |
| 2.11 Avoid high-risk devices (TB-CERT) | Not Completed | Within 6 weeks (includes TB-CERT feed subscription) |
Summary
| Status | Count |
|---|---|
| Completed | 4 / 16 |
| In Progress | 3 / 16 |
| Not Completed | 9 / 16 |
Overall target: full compliance with BOT Notification No. 18/2568 before production launch (go-live).
Evaluator: ___ Department: ___
Date: ___ Signature: ___