On Thursday February 23rd, the European Banking Authority (EBA) published its long-awaited final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under the revised Payment Services Directive (PSD2). In this blog post I analyze which strong authentication and transaction risk analysis solutions can comply with the requirements about SCA in the final draft RTS. I first provide some background about the history of the final draft RTS, and then discuss common authentication solutions that are used by many online banking and mobile banking applications today. Subsequently I present and discuss the most important requirements from the final draft RTS, and point out changes to the previous version of the draft RTS. Finally I explain which authentication solutions are most likely to meet the requirements of the final draft RTS.
In recent years, the security of electronic payments has increasingly become the subject of supranational guidelines and regulations in Europe. The initiatives for these guidelines and regulations originated from the European financial regulators as well as the European Commission. In 2013, the SecuRe Pay forum of the European Central Bank (ECB) published its Recommendations for the security of Internet payments, as well as its (draft) Recommendations for the security of mobile payments. The former set of recommendations was republished by the European Banking Authority as the Final guidelines on the security of Internet payments. These EBA guidelines have been in effect since August 1st 2015 in most member states of the European Union. The latter set of recommendations was not further developed by the EBA. In November 2015 the Council of the European Union adopted the Revised Payment Services Directive, also known as PSD2.