An increasing amount of fraud has led the European Union's banking authority to craft a new set of guidelines for members to secure online payments with strong authentication tools.
The European Banking Authority (EBA), an EU body that regulates and supervises the banking sector, issued the guidelines last week that push payment service providers (PSPs) to adopt two-factor authentication as a standard for verifying the identity and intentions of all customers in online transactions.
The EBA guidelines are based on the recommendations developed and published in January 2013 by the European Forum on the Security of Retail Payments (SecuRe Pay).
The EBA is using its status to build a legal baseline for implementation of security on Internet payments across all 28 EU members. The guidelines are for PSPs, the middlemen between websites and banks that facilitate Internet money transfers.
New security guidelines are slated for release in 2017-2018 as part of the EU's Payment Services Directive (PSD), a set of security guidelines covering risk assessment, governance, monitoring/reporting, and stronger authentication, among other guidelines.
But the EBA thinks it is unwise to wait for those guidelines, which do provide more stringent rules, and is aiming at August 1, 2015 for PSPs to have implementations of its revised plans. The August date is considered a first step, with the PSD slated as the next move.
The EBA cited statistics on card fraud in Internet payments that showed €794 million in losses in 2012 in card-not-present fraud, an increase of 21 percent over the previous year.
There was some discussion among members as to how and when the implementation deadlines should be set given existing work on the PSD. But in the end, the EBA decided to publish, concluding in its 41-page guidelines paper that "a lack of security is continuing to undermine the confidence of market participants in payment systems and therefore that a timely and consistent regulatory response is required."
In its guidelines, the EBA did clarify the definition of "authentication" based on feedback from members, saying strong customer authentication is based on the use of two or more elements, including something you know, something a user possesses (token, etc.), or something the user is (biometric, etc.).
All forms of authentication must be mutually independent so one cannot compromise the other. It also called for authenticators that were not reusable, non-replicable, and not able to be stolen off the internet. In addition, the strong authentication had to protect the confidentiality of the authentication data and be tamper proof.