Follow Us

Follow us on Twitter  Follow us on LinkedIn

17 March 2014

ECB/Eurosystem: Public note on security of payment account access services

E-commerce is a rapidly growing and globally expanding industry and has the potential to spur overall economic growth. The security of payments when buying and selling goods or services offered through the internet or other communication networks has become a matter of concern for central banks.

Ensuring the smooth operation of payment systems is one of their basic tasks. Safe and secure functioning payment systems are important for building and ensuring trust in a currency. Clarifying security requirements and extending them to new players on the market, who should be subject to appropriate supervision, will strengthen the overall security of the payment system.

This is the context in which, at the end of 2010, the ECB took the initiative to set up the European Forum on the Security of Retail Payments (the “Forum”). The Forum is composed of EU central bank overseers and banking supervisors. Its objective is to facilitate common knowledge and understanding of issues related to the security of electronic retail payment services and instruments and, where necessary, issue recommendations.

As its first achievement, the Forum released in January 2013 a final and comprehensive set of “Recommendations for the security of internet payments”. The services covered by these recommendations include - irrespective of the device used - the execution of card payments on the internet, the execution of credit transfers on the internet, the issuance and amendment of direct debit electronic mandates, and the transfer of electronic money between two e-money accounts via the internet. Harmonised security recommendations for these services constitute an important step in the fight against payment fraud and contribute to increased consumer trust in internet payments.

The internet payment recommendations exclude so called payment account access services, in which an account holder uses a third-party provider (TPP) to access his/her payment account to initiate a payment or to obtain account information. Given the distinctive features of payment account access services, the Forum decided to address them separately.

In broad terms, payment account access services include account information services and payment initiation services:

  • “account information service” means a service in which a payment service user makes use of a TPP to receive consolidated information on one or several payment accounts held by the payment service user with one or several other payment service providers.
  • “payment initiation service” means a service in which a payment service user makes use of a TPP to initiate a payment from the account the user holds at another payment service provider (PSP).

In practice, payment account access services are gaining increasing market traction and payment initiation services are already among the most important payment methods for e-commerce transactions in some Member States. The specific nature and risks of these services arise from the involvement of at least one additional entity in the payment chain and its interplay within the processing architecture of electronic retail payment services. The Forum welcomes the proposal of the European Commission to extend the Payment Service Directive (PSD) scheme to cover payment account access services and their providers. The extension of the current list of payment services to include payment initiation services and account information services is seen as a way to support innovation and competition in retail payments. The Forum expects new entrants on the market to provide security in their payment solutions on the same level as the existing market entities.

Full publication

© ECB - European Central Bank

< Next Previous >
 Hover over the blue highlighted text to view the acronym meaning
Hover over these icons for more information

Add new comment