31 January 2013

ECB releases final Recommendations for the security of internet payments, starts public consultation on payment account access services




The ECB released a comprehensive set of "Recommendations for the security of internet payments", following a two-month public consultation carried out in 2012. It is now consulting on draft "Recommendations for payment account access services". The deadline for comments is 12 April, 2013.


The Recommendations represent the first achievement of the European Forum on the Security of Retail Payments (SecuRe Pay). The final recommendations, key considerations and best practices specified in the report for the security of internet payments are applicable to governance authorities of payment schemes and all payment service providers (PSPs) that provide internet payment services, such as:

  • internet card payments, including virtual card payments, as well as the registration of card payment data for use in wallet solutions;
  • the execution of credit transfers on the internet;
  • the issuance and amendment of direct debit electronic mandates; and
  • transfers of electronic money between two e-money accounts via the internet.

Other market participants, such as e-merchants, are encouraged to adopt some of the best practices.

The main recommendations include:

  • protect the initiation of internet payments, as well as access to sensitive payment data, by strong customer authentication;
  • limit the number of log-in or authentication attempts, define rules for internet payment services session “time out” and set time limits for the validity of authentication;
  • establish transaction monitoring mechanisms designed to prevent, detect and block fraudulent payment transactions;
  • implement multiple layers of security defences in order to mitigate identified risks;
  • provide assistance and guidance to customers about best online security practices, set up alerts and provide tools to help customers monitor transactions.

The detailed recommendations will be integrated into existing oversight frameworks for payment schemes and supervisory frameworks for PSPs and are to be considered as common minimum requirements for internet payment services. The members of the Forum are committed to supporting the implementation of the recommendations in their respective jurisdictions and will strive to ensure effective and consistent implementation within the EEA.

The recommendations should be implemented by PSPs and governance authorities of payment schemes by 1 February 2015. National authorities may wish to define a shorter transition period where appropriate.

Now that the internet payments recommendations have been finalised, the Forum will look in detail at the topical issue of access to payment accounts. To support this work, the ECB’s Governing Council has decided to launch a public consultation on draft recommendations for payment account access services, as developed by the Forum. Payment account access services are: i) account information services providing information on several accounts in a consolidated and user-friendly way, and/or ii) payment initiation services initiating payment transactions via a person’s internet-enabled payment account. All interested parties are invited to comment on the draft “Recommendations for payment account access services” by 12 April, 2013.

Press release

Consultation



© ECB - European Central Bank

