Follow Us

Follow us on Twitter  Follow us on LinkedIn

12 May 2014

ECB: Final recommendations for the security of payment account access services

Following the public consultation, the ECB published a report presenting a set of recommendations developed by the European Forum on the Security of Retail Payments, SecuRe Pay (the "Forum").

The Forum was set up in 2011 as a voluntary cooperative initiative between authorities. It aims to facilitate common knowledge and understanding, in particular between supervisors of payment service providers (PSPs) and overseers, of issues related to the security of electronic retail payment services and instruments provided within the European Union (EU)/European Economic Area (EEA) Member States.

The Forum’s work focuses on the whole processing chain of electronic retail payment services (excluding cheques and cash), irrespective of the payment channel. The Forum aims to address areas where major weaknesses and vulnerabilities are detected and, where appropriate, makes recommendations. The ultimate aim is to foster the establishment of a EU/EEA-wide harmonised level of security in this field. The authorities participating in the work of the Forum are listed in the annex.

The report complements the recommendations for the security of internet payments ("internet payments recommendations") that were published in 2012 and excluded so-called payment account access services, in which a third-party provider (TPP) accesses the payment account of a customer making a purchase on the internet or provides information from one or several accounts with one or several account-servicing PSPs. Given the distinctive features of payment account access services, the Forum decided to address them separately.

The report outlines 14 recommendations and further specifies them with key considerations (KCs). The report also includes some best practices (BPs) which TPPs, governance authorities (GAs), account-servicing PSPs and other relevant market participants are encouraged to adopt. These best practices are important as the safety of payment account access services depends on the responsible behaviour of all actors.

Full publication

© ECB - European Central Bank

< Next Previous >
 Hover over the blue highlighted text to view the acronym meaning
Hover over these icons for more information

Add new comment