ECB seeks to improve online payments security

The European Central Bank has outlined plans to improve the security of Internet payments, requiring firms to beef up their customer authentication processes.

Following a two-month public consultation, the central bank has set out its harmonised minimum security recommendations, which it calls "an important set of guidelines in the fight against payment fraud".

The key plank of the plans requires payment service providers (PSPs) and the governance authorities of payment schemes to protect the initiation of online payments, as well as access to sensitive transaction data, through "strong customer authentication".

In addition, firms should limit the number of log-in or authentication attempts, define rules for session "time out" in Internet payment services, and set time limits on the validity of a completed authentication.
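The three controls in that paragraph are easy to state and easy to get subtly wrong (a lockout that can be bypassed by a later correct password, an idle timer that is never refreshed, a step-up authentication that stays valid forever). The following is an added example, not code from the ECB document or from any PSP: a small authentication guard for a payment session that enforces a failed-attempt cap with lockout, an idle session time-out, and a validity window on the last strong authentication. Every threshold (5 attempts, 15-minute lockout, 5-minute idle time-out, 10-minute authentication validity) is an illustrative assumption, and the clock is injected as a timestamp so the behaviour is deterministic.

```python
"""Added example (not from the ECB recommendations): authentication-attempt
limiting, session idle time-out and a validity window for strong authentication.
All thresholds below are assumptions chosen for illustration."""
from dataclasses import dataclass
from typing import Dict, Optional

MAX_FAILED_ATTEMPTS = 5          # assumed: lock the account after this many failures
LOCKOUT_SECONDS = 15 * 60        # assumed: lockout duration
SESSION_IDLE_TIMEOUT = 5 * 60    # assumed: idle time-out for a payment session
AUTH_VALIDITY_SECONDS = 10 * 60  # assumed: how long a strong authentication stays valid


@dataclass
class Account:
    failed_attempts: int = 0
    locked_until: float = 0.0


@dataclass
class Session:
    user: str
    last_activity: float
    strong_auth_at: Optional[float] = None  # timestamp of last completed strong auth


class PaymentAuthGuard:
    """Per-account lockout state plus per-session time-outs.

    `now` is passed in as a float timestamp (seconds); a real service would use
    a monotonic or database clock. Nothing here checks the credential itself,
    it only enforces the limits around the check."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}
        self.sessions: Dict[str, Session] = {}

    def record_auth_attempt(self, user: str, succeeded: bool, now: float) -> str:
        """Returns 'locked', 'failed' or 'ok'. While locked, even a correct
        credential is refused, so a lockout cannot be raced with a later guess."""
        acct = self.accounts.setdefault(user, Account())
        if now < acct.locked_until:
            return "locked"
        if not succeeded:
            acct.failed_attempts += 1
            if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
                acct.locked_until = now + LOCKOUT_SECONDS
                acct.failed_attempts = 0
                return "locked"
            return "failed"
        acct.failed_attempts = 0  # a genuine success resets the counter
        return "ok"

    def open_session(self, session_id: str, user: str, now: float) -> None:
        self.sessions[session_id] = Session(user=user, last_activity=now)

    def touch(self, session_id: str, now: float) -> bool:
        """Refresh the idle timer. Returns False and discards the session if it
        has been idle longer than SESSION_IDLE_TIMEOUT."""
        sess = self.sessions.get(session_id)
        if sess is None:
            return False
        if now - sess.last_activity > SESSION_IDLE_TIMEOUT:
            del self.sessions[session_id]
            return False
        sess.last_activity = now
        return True

    def complete_strong_auth(self, session_id: str, now: float) -> bool:
        """Record that strong customer authentication succeeded in this session."""
        if not self.touch(session_id, now):
            return False
        self.sessions[session_id].strong_auth_at = now
        return True

    def may_initiate_payment(self, session_id: str, now: float) -> str:
        """Gate for payment initiation: 'no_session', 'step_up_required' or
        'allowed'. A strong auth older than AUTH_VALIDITY_SECONDS must be redone."""
        if not self.touch(session_id, now):
            return "no_session"
        sess = self.sessions[session_id]
        if sess.strong_auth_at is None or now - sess.strong_auth_at > AUTH_VALIDITY_SECONDS:
            return "step_up_required"
        return "allowed"
```

Note that the attempt counter is kept per account rather than per session, so an attacker cannot reset it by opening a fresh session, and that the lockout check runs before the credential result is considered.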

Transaction monitoring mechanisms must be designed to prevent, detect and block fraudulent payment transactions, while multiple layers of security defences must be rolled out in order to mitigate identified risks.
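The document does not prescribe how transaction monitoring should work, so the following is an added example rather than anything from the ECB or a PSP: a rule-based monitor that scores each online payment on a few common indicators (payment velocity per account, an amount far above the account's usual spend, a first-time payee, and a mismatch between the customer's apparent country and the country on file) and turns the score into an allow, step-up or block decision. The rules, weights, thresholds and the sample payments at the bottom are all constructed for illustration.

```python
"""Added example (not from the ECB recommendations): a small rule-based
transaction monitor. Indicators, weights and thresholds are assumptions."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Set, Tuple

WINDOW_SECONDS = 10 * 60   # assumed: velocity window
VELOCITY_LIMIT = 3         # assumed: payments per account per window before flagging
STEP_UP_SCORE = 40         # assumed: at or above this, demand strong authentication again
BLOCK_SCORE = 80           # assumed: at or above this, refuse the payment


@dataclass(frozen=True)
class Payment:
    ts: float          # seconds
    account: str
    payee: str
    amount: float
    country: str       # country inferred from the customer's device / IP
    home_country: str  # country on file for the account


class TransactionMonitor:
    def __init__(self) -> None:
        self.recent: Dict[str, Deque[float]] = defaultdict(deque)
        self.known_payees: Dict[str, Set[str]] = defaultdict(set)
        self.avg_amount: Dict[str, Optional[float]] = {}  # running mean per account

    def score(self, p: Payment) -> Tuple[int, List[str]]:
        score, reasons = 0, []
        # velocity: discard timestamps outside the window, then count what is left
        q = self.recent[p.account]
        while q and p.ts - q[0] > WINDOW_SECONDS:
            q.popleft()
        if len(q) >= VELOCITY_LIMIT:
            score += 50
            reasons.append("velocity")
        # amount far above what this account normally pays
        avg = self.avg_amount.get(p.account)
        if avg is not None and p.amount > 5 * avg:
            score += 40
            reasons.append("amount_outlier")
        # first payment from this account to this payee
        if p.payee not in self.known_payees[p.account]:
            score += 20
            reasons.append("new_payee")
        # apparent country differs from the one on file
        if p.country != p.home_country:
            score += 30
            reasons.append("geo_mismatch")
        return score, reasons

    def decide(self, p: Payment) -> Tuple[str, List[str]]:
        score, reasons = self.score(p)
        if score >= BLOCK_SCORE:
            decision = "block"
        elif score >= STEP_UP_SCORE:
            decision = "step_up"
        else:
            decision = "allow"
        # Learn only from payments that were not blocked, so a fraudulent
        # burst does not drag the account's baseline towards itself.
        if decision != "block":
            self._record(p)
        return decision, reasons

    def _record(self, p: Payment) -> None:
        self.recent[p.account].append(p.ts)
        self.known_payees[p.account].add(p.payee)
        avg = self.avg_amount.get(p.account)
        self.avg_amount[p.account] = p.amount if avg is None else avg * 0.9 + p.amount * 0.1


# Constructed sample: three ordinary payments, then a high-value payment to a
# new payee from abroad inside the same window, then a normal-looking one.
SAMPLE = [
    Payment(0.0, "acc1", "shop-a", 40.0, "DE", "DE"),
    Payment(60.0, "acc1", "shop-b", 35.0, "DE", "DE"),
    Payment(120.0, "acc1", "shop-a", 45.0, "DE", "DE"),
    Payment(180.0, "acc1", "shop-z", 600.0, "RU", "DE"),
    Payment(240.0, "acc1", "shop-a", 50.0, "DE", "DE"),
]


def run(payments: List[Payment]) -> List[Tuple[str, List[str]]]:
    """Feed payments through a fresh monitor in order; returns (decision, reasons)."""
    monitor = TransactionMonitor()
    return [monitor.decide(p) for p in payments]


if __name__ == "__main__":
    for p, (decision, reasons) in zip(SAMPLE, run(SAMPLE)):
        print(f"{p.ts:>5.0f}s {p.account} -> {p.payee:<7} {p.amount:>7.2f} {decision:<8} {reasons}")
```

The fourth payment trips every rule and is blocked outright; the fifth, although ordinary on its own, still exceeds the velocity limit and is pushed to step-up rather than blocked, which is the "prevent, detect and block" spectrum the recommendation describes in miniature.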

Customers should also be given assistance and guidance on good online security practices, and be provided with tools to help them monitor their transactions.

The recommendations will be integrated into existing oversight frameworks for payment schemes and supervisory frameworks for PSPs and will have to be implemented by 1 February 2015.

Comments: (5)

Riten Gohil - Sphonic - London, 31 January 2013, 17:23

So this has finally come to its conclusion and one wonders how much consideration was given to the pressing demands of the emerging digital environment. Reading through some of the detail there appears to be some flexibility for PSPs, but I think the science behind what is considered "Strong Authentication" will be hard to police. Best practice would be a risk-based authentication environment, with strong authentication initiated when a high-risk transaction is detected.

It requires local regulators to understand the commercial pressures of the burgeoning eCommerce world, without following a "tick box" approach for a world that is changing quicker than regulation allows.

Interesting times ahead; requires sensible thought.

Gary Wright, 01 February 2013, 18:46

It might be a good idea to join this up with LEI and other projects to identify the corporate/consumer. There needs to be more consumer involvement, and to prevent or limit concerns around Big Brother.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune, 01 February 2013, 18:52

Additional authentication inevitably increases friction in online payments and causes shopping cart abandonment, which results in loss of revenues. On the other hand, it is likely to reduce fraud loss. I hope the regulators leave it to e-tailers to evaluate which of these two factors proves to be of greater importance in their specific context and decide whether or not to implement tighter security.

Gary Wright, 01 February 2013, 19:02

Hey, who would deal on a site without tight security? Security or not is not an option. Every site must be as secure as possible and there is no trade-off. It's a great way to lose your business though.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune, 02 February 2013, 20:20

Tell an online shopper that a certain website is insecure and, sure, she'll not go near it. On the other hand, tell her that the website has implemented the latest in security technologies and will shunt her between five different websites and lose her payment once in 12 times (Cf. Skating Away With Online Payments on my company blog). Think she'll praise all the security measures and keep trying till her payment goes through? Unlikely. As I'd highlighted in The Death Of Cash Is At Least 190 Years Away, she's more likely to pay with cash. So, there's a clear trade-off between security and convenience and, as the most interested party to the transaction, the merchant should be free to decide how to strike the trade-off.

Most ecommerce websites in the USA lack security by ROW standards, in that they don't use 2FA and some of them don't even ask for CVV numbers. Have they lost business? No, sir, the USA remains the largest ecommerce market in the world.
