December 14, 2017
On Tuesday, the European Banking Authority (EBA) issued its final guidelines clarifying and implementing the requirements of the revised Payment Services Directive (PSD2). In the years since the first PSD was rolled out in 2009, e-commerce and the concomitant fraud have exploded along with the number of third-party fintech providers that integrate payments into mobile apps and other e-commerce innovations. Among the important topics addressed by PSD2 are the requirement to implement strong authentication principles for all online payments to protect consumers and businesses, the mandate of 3D Secure 2.0, and codification of what kinds of PSPs can operate and what information will be available to them.
The guidelines that dropped Tuesday are aimed at payment service providers operating in the E.U. to ensure they employ “appropriate mitigation measures and control mechanisms to manage operational and security risks relating to the payment services they provide.” The final guidelines include a clarification, relative to the earlier versions, of the meaning of proportionality, and they also cover governance, risk assessment and data protection.