When making use of new technology, all financial institutions must go through a testing phase before such technology is used for mass consumer transactions. All software used to store information should not compromise the privacy of clients. All institutions should follow this set of guidelines when using electronic identification devices, such as tokens or dynamic passwords.
Entities must require customers to change their tokens or other electronic devices every three, six or ten years, depending on the level of security which the device provides. These institutions should replace devices immediately after a case of theft, loss or damage. They are similarly asked to have transactional monitoring mechanisms to detect, prevent and react to events of fraud.