Following a two month public consultation, the European Central Bank has set out its harmonised, minimum security recommendations, which it calls „an important set of guidelines in the fight against payment fraud”. The key plank of the plans requires payment service providers and the governance authorities of payment schemes to protect the initiation of online payments, as well as access to sensitive transaction data, through „strong customer authentication”.
In addition, firms should limit the number of log-in or authentication attempts, define rules for Internet payment services session „time out” and set time limits for the validity of authentication.
Transaction monitoring mechanisms must be designed to prevent, detect and block fraudulent payment transactions, while multiple layers of security defences must be roll out in order to mitigate identified risks.
Customers should also be given assistance and guidance about best online security practices and provided with tools to help customers monitor transactions.
The recommendations will be integrated into existing oversight frameworks for payment schemes and supervisory frameworks for PSPs and will have to be implemented by 1 February 2015.
Banking 4.0 – „how was the experience for you”
„So many people are coming here to Bucharest, people that I see and interact on linkedin and now I get the change to meet them in person. It was like being to the Football World Cup but this was the World Cup on linkedin in payments and open banking.”
Many more interesting quotes in the video below: