(1) A payment service provider shall have

(a) an appropriate and tested technology system which is equipped with fraud monitoring and detection tools;

(b) a valid third-party certification from a reputable certiﬁcation authority or body on compliance status with relevant standards determined by the Bank of Ghana;

(d) a cyber-security policy, where applicable.

(2) A payment service provider shall ensure that a transaction against an account of a customer is authorised by the account holder.

(3) A payment service provider shall use appropriate authentication medium approved by the Bank of Ghana.

(4) A payment service provider shall notify a customer of a transaction on the account of that customer through electronic notiﬁcation or a physical receipt.

(5) A notice given under subsection (4), shall provide at least the following information:

(a) the transaction amount,

(b) the transaction type,

(d) the date and time of the transaction,

(e) the identifying details of the recipient of an outbound transaction or of the sender of an inbound transaction, and

(f) any fees charged.

(6) Settlement shall take place against pie-funded accounts at intervals determined by the Bank of Ghana.

(7) A payment service provider shall ensure that the following minimum systems and controls are in place for the operations of the payment service provider:

(a) sound and prudent management, administrative and accounting procedures and adequate internal control systems;

(b) appropriate security policies and measures intended to safeguard the integrity, authenticity and conﬁdentiality of data and operating processes;

(d) effective audit functions to provide a periodic review of the security control environment and critical systems.

(8) A payment service provider shall ensure that the system maintains a complete audit log of all user activities for at least six years.