22 February 2017

ECB seeks to improve online payments security

31 January 2013

The European Central Bank has outlined plans to improve the security of Internet payments, requiring firms to beef up their customer authentication processes.

Following a two month public consultation, the central bank has set out its harmonised, minimum security recommendations, which it calls "an important set of guidelines in the fight against payment fraud".

The key plank of the plans requires payment service providers and the governance authorities of payment schemes to protect the initiation of online payments, as well as access to sensitive transaction data, through "strong customer authentication".

In addition, firms should limit the number of log-in or authentication attempts, define rules for Internet payment services session "time out" and set time limits for the validity of authentication.

Transaction monitoring mechanisms must be designed to prevent, detect and block fraudulent payment transactions, while multiple layers of security defences must be rolled out in order to mitigate identified risks.

Customers should also be given assistance and guidance about best online security practices and provided with tools to help them monitor transactions.

The recommendations will be integrated into existing oversight frameworks for payment schemes and supervisory frameworks for PSPs and will have to be implemented by 1 February 2015.

Read the full set of recommendations here

Comments: (5)

Riten Gohil - Sphonic - London | 31 January, 2013, 17:23

So this has finally come to its conclusion and one wonders how much consideration was given to the pressing demands of the emerging digital environment. Reading through some of the detail there appears some flexibility for PSPs but I think the science behind what is considered "Strong Authentication" will be hard to police. Best practice would be a risk-based authentication environment, with strong authentication initiated when a high-risk transaction is detected.

It requires local regulators to understand the commercial pressures of the burgeoning eCommerce world, without following a "tick box" approach for a world that is changing quicker than regulation allows.

Interesting times ahead, requires sensible thought.

A Finextra member | 01 February, 2013, 18:46

It might be a good idea to join this up with LEI and other projects to identify the corporate/consumer. There needs to be more consumer involvement and prevent or limit concerns around Big Brother.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 01 February, 2013, 18:52

Additional authentication inevitably increases friction in online payments and causes shopping cart abandonment, which results in loss of revenues. On the other hand, it is likely to reduce fraud loss. I hope the regulators leave it to e-tailers to evaluate which of these two factors proves to be of greater importance in their specific context and decide whether or not to implement tighter security.

A Finextra member | 01 February, 2013, 19:02

Hey, who would deal on a site without tight security? Security or not is not an option. Every site must be as secure as possible and there is no trade off. It's a great way to lose your business though.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 02 February, 2013, 20:20

Tell an online shopper that a certain website is insecure and, sure, she'll not go near it. On the other hand, tell her that the website has implemented the latest in security technologies and will shunt her between five different websites and lose her payment once in 12 times (Cf. Skating Away With Online Payments on my company blog). Think she'll praise all the security measures and keep trying till her payment goes through? Unlikely. As I'd highlighted in The Death Of Cash Is At Least 190 Years Away, she's more likely to pay with cash. So, there's a clear trade-off between security and convenience and, as the most interested party to the transaction, the merchant should be free to decide how to strike the trade-off.

Most ecommerce websites in the USA lack security by ROW standards in that they don't use 2FA and some of them don't even ask for CVV #s. Have they lost business? No, sir, USA remains the largest ecommerce market in the world. 
