EBA consults on Guidelines on security measures for operational and security risks under the PSD2
The European Banking Authority (EBA) launched today a consultation on its draft Guidelines on security measures for operational and security risks under the revised Payment Services Directive (PSD2). The Guidelines have been developed in close cooperation with the European Central Bank (ECB), and are in support of the objectives of PSD2, such as strengthening the integrated payments market in the EU, mitigating the increased security risks arising from electronic payments, and promoting equal conditions for competition. The consultation runs until 7 August 2017.
PSD2 requires payment service providers (PSPs) to establish a framework with appropriate mitigation measures and control mechanisms to manage operational and security risks arising from the payment services they provide, and has mandated the EBA to specify the details of these requirements.
In particular, these draft Guidelines cover the governance of the operational and security risk management framework, the risk management and control models, outsourcing, the identification, classification and risk assessment of functions, processes and assets, as well as the protection of the integrity of data, systems and confidentiality, physical security and asset control.
In addition, the draft Guidelines propose requirements in relation to the monitoring, detection and reporting of security incidents and risks, business continuity management, scenario-based continuity plans, incident management and crisis communication, the testing of security measures, and situational awareness and continuous learning. Finally, in order to ensure that the security measures implemented by the PSPs are well communicated to payment service users (PSUs) the Guidelines also cover the management of the relationship with PSUs.
The consultation period will run from 5 May 2017 to 7 August 2017. The final Guidelines will be published after this consultation.
For more details download the Consultation Paper – Draft Guidelines on the security measures for operational and security risks of payment services under PSD2
Source: European Banking Authority
Anders Olofsson – former Head of Payments Finastra
Banking 4.0 – „how was the experience for you”
„So many people are coming here to Bucharest, people that I see and interact on linkedin and now I get the change to meet them in person. It was like being to the Football World Cup but this was the World Cup on linkedin in payments and open banking.”
Many more interesting quotes in the video below:
