Following the publication of these functional requirements[1] and the rapidly changing technology available there is a risk the document is out of date before it is agreed

The document as one may expect it is very focused on EMV technology that is based in the 1990’s.  This EMV technology was updated with the addition of contactless technology in the 2000’s and more recently mobile contactless.  This document is very focused on EMV transaction options that are acceptable to SEPA compliant schemes.

The move more recently into connected and interconnected devices for payments mean that in places the document seems light in some areas. 

Let us look at some areas that need some extra direction from SEPA:

• The use of One Time Codes for ATM cash access with no physical card.
  This type of service was first created as a lost card ‘Emergency’ cash solution via a call centre request.  With the continued evolution of mobile banking applications and cardless accounts it is evolving into an application feature that is attractive to more customers.  This may provide an essential service as bank branches continue to close. 
• The use of mobile credentials for telephone and mail order payments.
  The development of mobile credentials for m-commerce transactions could be applied to the telephone and mail order payments. The mobile credentials could be used to generate an additional One Time Code, an extended CVV, to be used in the authorisation message.  
  As smart card technologies are evolving with the development of on card displays, keyboards and fingerprint readers this functionality can be made available to cardholders as well.
• The use of Voice Recognition and Voice Authentication for telephone based payments.
  The document needs to address voice based technologies as both non-invasive customer biometric authentication and user interface to services is likely to become an important part of payments in the future.  This area could be addressed in similar way to the Dual Tone Multi Frequency (DTMF) section.

Card payments are a global industry.  This document describes the payment card functional requirements within the SEPA region only.  This means as card payment solutions become more global some requirements may be incompatible between this SEPA functional specification and global standards.  

As payments evolve to meet the needs of consumers the weaknesses in the security of card based payments are often exposed.  I believe this consultation needs to identify and set general principles to help protect card based payment transactions. If these key principles are described and published it will help ensure the SEPA documentation to cope as payment technology develops globally.

[1] Book 2 Functional Requirements SEPA Cards Standardisation Volume Vn 7.05 published 10th March 2015
www.europeanpaymentscouncil.eu