The European Central Bank (ECB) has given its backing to a new guide for assessing the security of Internet payments across the EU.
Last January, the ECB outlined plans to improve the security of Internet payments, setting out a series of recommendations to be integrated into existing oversight frameworks across the continent.
To help governance authorities and payment schemes get ready for the February 2015 deadline for meeting the new requirements, a guide has been put together by the European Forum on the Security of Retail Payments.
Endorsed by the ECB, the guide provides clarity on issues such as strong (multi-factor) customer authentication and the protection of sensitive payment data.
Under the ECB plans, payment service providers will be required to protect the initiation of online payments, as well as access to sensitive transaction data, through strong customer authentication.
In addition, firms should limit the number of log-in or authentication attempts, define rules for the "time out" of Internet payment service sessions, and set time limits for the validity of authentication.
The ECB is also working on proposals for boosting the security of mobile payments, with rules set to come in by February 2017.