In his briefing about the European Banking Authority (EBA) Guidelines on internet payment security, Olivier Maas, expert in payment security, explains how banks can handle these regulatory requirements in preparation for the PSD2, and how Worldline can help them in their endeavors.
The EBA is currently working on the revised Payment Services Directive (PSD2), which is expected to come into force in 2018-2019. While the PSD2 is being finalized, the EBA issued these requirements due to the increase in fraud in this sector.
These Guidelines set out common security requirements for payment service providers (PSPs) across the EU, and provide enhanced protection of EU consumers against payment fraud on the Internet. The requirements cover a range of security measures applicable to PSPs, such as risk management, customer awareness and education, and specific control and security measures applicable to online payments. They affect cards, credit transfers, e-mandates and e-money.
The Guidelines are based on the "comply or explain" principle, which means that national authorities have to notify the EBA whether they will comply with the Guidelines or otherwise explain their reason for non-compliance. Most EU countries have confirmed their compliance with the Guidelines on the security of internet payments, which have been in place since August 1st, 2015. The EBA has made available a summary table of the compliance notifications received.
Strong authentication is the key requirement of the EBA Guidelines to implement, as it is the most efficient measure to fight fraud, reinforce trust in the internet payment ecosystem and protect sensitive data.