ECB new guide to assess security of internet payments

The European Central Bank (ECB) has given its backing to a new guide for assessing the security of Internet payments across the EU. Assessment covers governance, risk management and mitigation, and protection of sensitive data.

Last January the ECB outlined plans (PDF) to improve the security of Internet payments, setting out a series of recommendations to be integrated into existing oversight frameworks across the continent.

To help governance authorities and payment schemes get ready for the February 2015 deadline for meeting the new requirements, a guide has been put together by the European Forum on the Security of Retail Payments. Endorsed by the ECB, the Assessment guide for the security of internet payments provides clarity on issues such as strong (multi-factor) customer authentication and the protection of sensitive payment data.

Under the ECB plans, payment service providers will be required to protect the initiation of online payments, as well as access to sensitive transaction data, through strong customer authentication. In addition, firms should limit the number of log-in or authentication attempts, define rules for Internet payment services session „time out” and set time limits for the validity of authentication.

As finextra.com mentioned, The ECB is also working on proposals for boosting the security of mobile payments, with rules set to come in by February 2017.