EBA Issues Final Guidelines on Internet Payment Security for European PSPs
Dec. 22, 2014
On Friday, the European Banking Authority (EBA) published final guidelines on Internet payment security in the EU. The guidelines, which establish recommendations for authentication that PSPs must carry out to verify their customers’ identities when making online payments, will go into effect in August 2015. In addition to stronger authentication, PSPs will be required to ensure their users understand risks and best practices in Internet payments.
“The EBA guidelines on Internet payments provide the legal basis for achieving a level playing field for all PSPs across the EU,” said Geoffroy Goffinet of the EBA Consumer Protection Unit. “Through this piece of work, the EBA looked into supporting the development of e-commerce across the EU, while ensuring proper protection of consumers.”
In addition to guiding PSPs on authentication to combat fraud, the guidelines also require that payments companies encourage their merchant clients not to store any sensitive payment data or require that they have adequate security in place to protect such data.
The guidelines are based on recommendations made by the European Forum on the Security of Retail Payments issued in 2013.