European Payments Council updates API security franework and VOP specifications
The European Payments Council (EPC) has officially released the updated Application Programming Interface (API) security framework aimed at bolstering the security-related requirements for participants in the Verification Of Payee (VOP), SEPA Request-to-Pay (SRTP), and SEPA Payment Account Access (SPAA) schemes.
0
External
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
This framework establishes minimum security-related requirements, ensuring that all participants, whether utilising the EPC API Specifications or alternative specifications, adhere to robust security standards.
This framework will become mandatory as of 5 October 2025 for the VOP, SRTP and SPAA scheme participants when using APIs.
Meanwhile, the European Payments Council (EPC) has published the Verification Of Payee (VOP) Application Programming Interface (API) Specifications, which set out the rules for implementing VOP-related APIs in accordance with version 1.0 of the VOP scheme rulebook. These specifications will take effect on 5 October 2025.
The newly released specifications focus exclusively on VOP-related messages, including VOP Requests and VOP Responses, within the inter-Payment Service Provider (PSP) space.
Any comments in relation with these EPC VOP Inter-PSP API Specifications can be shared by email to secretariat@epc-cep.eu