Loading...
|
Please use this identifier to cite or link to this item:
https://nccur.lib.nccu.edu.tw/handle/140.119/131459
|
| Title: | 論數位身分制度於銀行業之應用與管理法制
A Study on Application and Regulatory Framework of Digital Identity System in Banking Industry |
| Authors: | 陳俐伶
Chen, Li-Ling |
| Contributors: | 楊培侃
Yang, Pei-Kan
陳俐伶
Chen, Li-Ling |
| Keywords: | 數位身分
身分驗證
數位身分指引
客戶盡職調查
Digital Identity
Authentication
Guidance on Digital Identity
Customer Due Diligence |
| Date: | 2020 |
| Issue Date: | 2020-09-02 11:39:35 (UTC+8) |
| Abstract: | 在網際網路時代下,數位身分的概念隨之而生,其係運用電子化方式擷取、儲存可指涉到特定個人的信物或是身分屬性。而當身分資料與身分提供者所核發之信物結合,再運用有效方式去驗證身分時,就可確認一個人是否具備他所聲稱之身分。
數位身分之管理國際上分別有歐盟、美國、ISO以及FATF訂出相關規範或指引,原則是根據風險基礎方法,根據識別及驗證身分之嚴謹程度訂出不同的保證等級,再依行為之風險決定應採行之保證等級,行為風險越大則應採行之保證等級越大,反之,行為風險越小,則採行較低水準之保證等級。
根據國際規範及標準分析我國銀行實務上識別及驗證客戶身分之做法,得出有根據相應之風險選擇適當保證等級之結論,且符合FATF客戶盡職調查之建議。但筆者根據自身在第一線工作之觀察,認為現行做法實際上仍有改善之空間,惟為了達成普惠金融的目標,做法應在監理與彈性之間取得平衡。
此外,本文透過比較分析歐盟、美國及ISO之規範和國際標準,認為我國可以借鑑國際之做法,直接規範保證等級,在實務上比較具有彈性;同時建議我國參照FATF之數位身分指引做出相應之修正,透過法律正式授權,讓銀行業者在進行客戶盡職調查時較無後顧之憂。
In digital age, the concept of digital identity comes into being. That is a set of electronically captured and stored attributes and credentials that can uniquely identify a person. When the identity data is combined with credentials issued by identity providers and further authenticate an individual through effective methods, it can decide whether a person is who he claims.
European Union, the United States, ISO and FATF provide relevant regulations or guidance for managing digital identity. Based on risk-based approach, these regulations or guidance set different levels of assurance in accordance with the rigor of identification and authentication of identity, and then determine the levels of assurance that should be adopted according to the risk of the behavior. The greater the behavioral risk, the higher level of assurance that should be adopted. On the contrary, the lower the behavioral risk, the lower the level of assurance.
After analyzing the practice of identifying and authenticating customer identities in selected banks of Taiwan, we find that the appropriate level of assurance is determined based on the corresponding risks, and it complies with the FATF’s recommendations of customer due diligence. However, there is still room for improvement. In order to achieve the goal of financial inclusion, the practice should strike a balance between supervision and flexibility. At last, our government can learn from international practices and directly regulate the level of assurance, which is more flexible. At the same time, it is recommended that our government refer to the FATF`s guidance on digital identity to make corresponding amendments. Through legal authorization, banks are entitled to operate digital identity system without the fear of running afoul of rules when conducting customer due diligence. |
| Reference: | 壹、中文
一、專書
1.協合國際法律事務所,2019年,《變革中的金融科技法制》
2.洪杰文、歸偉夏,2016年,《新媒體技術》
二、期刊論文
1.李中仁,2018年,以多因子驗證機制強化身分驗證之安全性,財金資訊季刊,92期
2.財團法人金融聯合徵信中心編輯部,2008年,紙上談信「當事人信用報告」13項資訊讓信用一覽無餘,金融聯合徵信雜誌, 1月號
3.黃世欽,2018年,生物辨識技術與我國金融機構之運用,銀行公會會訊第103期
4.蘇柏毓,2020年,淺談 Mobile ID 安全之法令要求與應用案例,NCC News,第14卷
三、學位論文
1.陳徽,2018年,歐盟與美國電子身份管理立法比較研究,暨南大學碩士學位論文
2.黃鈺書,身分辨識於保險科技之應用相關法律問題研究,東吳大學法律學系碩士論文(2019年)
四、研究資料
1.CAMS第六版
五、網路資料
1.內政部憑證管理中心,https://moica.nat.gov.tw/faq_in_c_18_3.html#
2.內政部憑證管理中心,什麼是自然人憑證,https://moica.nat.gov.tw/what.html
3.王立恒,【國外eID實例:愛沙尼亞】技術、法源、開源三管齊下,2千項數位服務才能安心用eID,https://www.ithome.com.tw/news/117367
4.李啟榮,數位身分證技術探討(一):數位身分證的多元服務和個資安全保障,https://www.find.org.tw/index/wind/browse/ed504f626f4cf18dc3fa58f273a6e8d3/
5.周峻佑,透過簡訊執行二次驗證不再安全,美國國家標準技術研究所建議別再使用,https://www.ithome.com.tw/news/112845
6.金融監督管理委員會,銀行線上服務全面升級,https://www.fsc.gov.tw/ch/home.jsp?id=96&parentpath=0,2&mcustomize=news_view.jsp&dataserno=201905140002&aplistdn=ou=news,ou=multisite,ou=chinese,ou=ap_root,o=fsc,c=tw&dtable=News
7.金融監督管理委員會銀行局,未來獨資組織、本國未成年人及外國成年人符合一定條件將可直接透過網路開立存款帳戶,https://www.banking.gov.tw/ch/home.jsp?id=169&parentpath=0,2&mcustomize=news_view.jsp&dataserno=201911280002&toolsflag=Y&dtable=News
8.倡議編輯室,聯合國永續發展目標SDGs 你我都不能缺席,https://ubrand.udn.com/ubrand/story/12117/3783886
9.財金資訊股份有限公司,公司介紹,https://www.fisc.com.tw/tc/profile/index.aspx
10.財團法人聯合信用卡處理中心,信用卡輔助持卡人身分驗證平臺,https://www.nccc.com.tw/wps/wcm/connect/zh/home/BusinessOperations/CardBusiness/CardVerificationPlatform
11.郭幸宜,數位帳戶兩大優勢 至去年底開戶數338.4萬戶 年增1.24倍,https://news.cnyes.com/news/id/4439485
12.陳奕甫,數位身分(Digital Identity),https://medium.com/@yfc/%E6%95%B8%E4%BD%8D%E8%BA%AB%E5%88%86-digital-identity-414a1cc5cba6
13.經濟部國際貿易局,新加坡、紐西蘭及智利宣布完成「數位經濟夥伴協定(Digital Economy Partnership Agreement, DEPA)」談判,並預計於2020年4月簽署,https://www.gov.tw/News_Content.aspx?n=872E51DB9B88306C&sms=53E09032BF601A56&s=6966B4C8347F7285
14.蔣宜婷,eID模範生的建議:信任比技術更重要,https://www.businesstoday.com.tw/article/category/80398/post/202002190015/eID%E6%A8%A1%E7%AF%84%E7%94%9F%E7%9A%84%E5%BB%BA%E8%AD%B0%EF%BC%9A%E4%BF%A1%E4%BB%BB%E6%AF%94%E6%8A%80%E8%A1%93%E6%9B%B4%E9%87%8D%E8%A6%81
15.駐新加坡台北代表處,新加坡、紐西蘭和智利簽訂數位經濟夥伴關係協議(DEPA),https://www.taiwanembassy.org/sg/post/29695.html
16.羅正漢,基於區塊鏈技術的身分驗證方興起,強調零信任與去識別化,https://www.ithome.com.tw/news/129143
貳、英文
一、研究資料
1.CAMS, Audit Advanced Certification –Digital Identification Methods and Testing for AML Programs
2.Capgemini & BNP Paribas (2018), World Payments Report 2018, accessed online at: https://worldpaymentsreport.com/wp-content/uploads/sites/5/2018/10/WorldPayments-Report-2018.pdf
3.International Data Corporation (IDC), IDC Future Scape: Worldwide IT Industry 2019 Predictions
4.The Boston Consulting Group, The Value of Our Digital Identity, https://2zn23x1nwzzj494slw48aylw-wpengine.netdna-ssl.com/wp-content/uploads/2017/06/The-Value-of-Our-Digital-Identity.pdf
5.The Global Partnership for Financial Inclusion-GPFI(2018), G20 Digital Identity Onboarding, https://www.gpfi.org/sites/gpfi/files/documents/G20_Digital_Identity_Onboarding.pdf
二、國際組織資料
1.FATF, Guidance on Anti-Money Laundering and Terrorist Financing Measures and Financial Inclusion
2.FATF, Guidance on Digital Identity
3.FATF, The FATF Recommendations
4.World Bank Group, GSMA & SIA, Digital Identity: Towards Shared Principles for Public and Private Sector Cooperation, http://documents.worldbank.org/curated/en/600821469220400272/pdf/107201-WP-PUBLIC-WB-GSMA-SIADigitalIdentity-WEB.pdf
三、官方資訊
1.3 CFR 13681 - Executive Order 13681 of October 17, 2014. Improving the Security of Consumer Financial Transactions, https://www.govinfo.gov/content/pkg/CFR-2015-title3-vol1/pdf/CFR-2015-title3-vol1-eo13681.pdf
2.NIST, Digital Identity Guideline, Special Publication(SP)800-63-3
3.UNCITRAL Working Group, https://undocs.org/en/A/CN.9/WG.IV/WP.162
4.United Nations, https://sustainabledevelopment.un.org/sdg16
四、網路資料
1.ACAMS, Digital Identity and Financial Crimes, https://www.acamstoday.org/digital-identity-and-financial-crimes-2/
2.Asian Trade Centre, UNPACKING THE DIGITAL ECONOMY PARTNERSHIP AGREEMENT (DEPA), http://asiantradecentre.org/talkingtrade/unpacking-the-digital-economy-partnership-agreement-depa
3.Blockchain for the SDG, https://blockchain4sdg.com/digital-identity-sdg-16-9-providing-legal-identity-for-all/
4.FIDO Alliance, https://www.slideshare.net/FIDOAlliance/nist-80063-guidance-fido-authentication |
| Description: | 碩士
國立政治大學
國際經營與貿易學系
103351046 |
| Source URI: | http://thesis.lib.nccu.edu.tw/record/#G0103351046 |
| Data Type: | thesis |
| DOI: | 10.6814/NCCU202001680 |
| Appears in Collections: | [國際經營與貿易學系 ] 學位論文
|
Files in This Item:
| File |
Description |
Size | Format | |
|---|
| 104601.pdf | | 2496Kb | Adobe PDF2 | 885 | View/Open |
|
All items in 政大典藏 are protected by copyright, with all rights reserved.
|
