25 August 2016
Find out more

ECB seeks to improve online payments security

31 January 2013  |  11129 views  |  5 Security

The European Central Bank has outlined plans to improve the security of Internet payments, requiring firms to beef up their customer authentication processes.

Following a two month public consultation, the central bank has set out its harmonised, minimum security recommendations, which it calls "an important set of guidelines in the fight against payment fraud".

The key plank of the plans requires payment service providers and the governance authorities of payment schemes to protect the initiation of online payments, as well as access to sensitive transaction data, through "strong customer authentication".

In addition, firms should limit the number of log-in or authentication attempts, define rules for Internet payment services session "time out" and set time limits for the validity of authentication.

Transaction monitoring mechanisms must be designed to prevent, detect and block fraudulent payment transactions, while multiple layers of security defences must be roll out in order to mitigate identified risks.

Customers should also be given assistance and guidance about best online security practices and provided with tools to help customers monitor transactions.

The recommendations will be integrated into existing oversight frameworks for payment schemes and supervisory frameworks for PSPs and will have to be implemented by 1 February 2015.

Read the full set of recommendations here

Comments: (5)

Riten Gohil
Riten Gohil - Sphonic - London | 31 January, 2013, 17:23

So this has finally come to it's conclusion and one wonders how much consideration was given to the pressing demands of the emerging digital environment. Reading through some of the detail there appears some flexibility for PSPs but I think the science behind what is considerd "Strong Authentication" will be hard to police. Best practice would be a risk-based authentication environment, with strong authentication initiated when a high-risk tansaction is detected. 

It requires local regulators to understand the commercial pressures of the burgeoing eCommerce world, without following a "tick box" approach for a world that is changing quicker than regulation allows. 

Interesting times ahead, requires sensible thought. 

 

 

 

 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 01 February, 2013, 18:46

It might be a good idea to join this up with LEI and other projects to identify the corporate/consumer. There needs to be more consumer involvment and prevent or limit concerns arround Big Brother 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 01 February, 2013, 18:52

Additional authentication inevitably increases friction in online payments and causes shopping cart abandonment, which results in loss of revenues. On the other hand, it is likely to reduce fraud loss. I hope the regulators leave it to e-tailers to evaluate which of these two factors proves to be of greater importance in their specific context and decide whether or not to implement tighter security.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 01 February, 2013, 19:02

Hey, who would deal on a site without tight security? Security or not is not an option. Every site must be as secure as possible and there is no trade off. Its a great way to lose your business though

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 02 February, 2013, 20:20

Tell an online shopper that a certain website is insecure and, sure, she'll not go near it. On the other hand, tell her that the website has implemented the latest in security technologies and will shunt her between five different websites and lose her payment once in 12 times (Cf. Skating Away With Online Payments on my company blog). Think she'll praise all the security measures and keep trying till her payment goes through? Unlikely. As I'd highlighted in The Death Of Cash Is At Least 190 Years Away, she's more likely to pay with cash. So, there's a clear trade-off between security and convenience and, as the most interested party to the transaction, the merchant should be free to decide how to strike the trade-off.

Most ecommerce websites in the USA lack security by ROW standards in that they don't use 2FA and some of them don't even ask for CVV #s. Have they lost business? No, sir, USA remains the largest ecommerce market in the world. 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

With online spending soaring, Visa Europe targets mobile in 2013

With online spending soaring, Visa Europe targets mobile in 2013

15 January 2013  |  9228 views  |  0 comments | 16 tweets | 4 linkedin
ECB explores the social costs of payments

ECB explores the social costs of payments

01 October 2012  |  4903 views  |  1 comments
E-crime costs UK retailers £205m a year - BRC

E-crime costs UK retailers £205m a year - BRC

22 August 2012  |  6727 views  |  1 comments | 1 tweets

Related company news

 

Related blogs

Create a blog about this story (membership required)
Visit www.abe-eba.euVisit VocaLink.comVisit capgemini.com

Top topics

Most viewed Most shared
hands typing furiouslyBlockchain: what to expect for 2017?
8438 views 0 | 55 tweets | 46 linkedin
hands typing furiouslyBig Data's Three Big Trends in 2016
7102 views 5 | 22 tweets | 13 linkedin
hands typing furiouslyHow Banks Are Losing Millions by Ignoring...
6634 views 10 | 22 tweets | 8 linkedin
Nordea looking for AI and blockchain breakthroughsNordea looking for AI and blockchain break...
6186 views comments | 17 tweets | 19 linkedin

Featured job

Find your next job