EBA Eases Strong Customer Authentication Requirements under PSD2

On 23 February the European Banking Authority (EBA) proposed its final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication and Common and Secure Communication (CSC) under PSD2 to the European Commission (EC). On 24 May the Commission sent a letter to the EBA, stating its intent to amend the final draft RTS. The EBA published this letter as well as the amended RTS on its website. The Commission proposes…


EBA Eases Strong Customer Authentication Requirements under PSD2

On Thursday 23 February, the European Banking Authority (EBA) published its long-awaited final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and Common and Secure Communication (CSC) under the revised Payment Services Directive (PSD2). In general the EBA has relaxed its requirements compared to the RTS in the EBA’s Consultation Paper from August 2016. Here are the most important changes: Transaction risk analysis. The final draft RTS introduces…


SMS Authentication

Banks and payment service providers sometimes rely on SMS to verify the identity of a person who wishes to make a wire transfer or confirm a payment. They send an SMS message with a one-time password (OTP) to the person’s mobile phone, and the user has to enter this OTP into the application of the bank or payment service provider. In this blog post I discuss whether SMS-based authentication will…


What does the new Directive on Payment Services (PSD2) Mean for PSPs?

On October 8th, the European Parliament adopted the revised Directive on Payment Services, also known as PSD2. This new directive, which is the long-awaited successor of the first Payment Services Directive from 2007, aims to harmonize the European retail payments market, which is very much fragmented along national borders, and foster the adoption of innovative, easy-to-use and secure payment schemes. PSD2 is the latest development in a series of…


Security of Internet payments – National authorities enforcing EBA Guidelines

Last Thursday, on 21 May 2015, the European Banking Authority (EBA) published the compliance notifications from the various European national authorities regarding the enforcement of the EBA Guidelines for the Security of Internet Payments. I already discussed the Guidelines in an earlier blogpost. This blogpost provides an update in light of the publication of the compliance notifications by the EBA. Background: On December 19, 2014, the European Banking Authority (EBA)…


Security of Internet Payments: Legislative Developments in Europe

In January 2013, the SecuRe Pay forum of the European Central Bank (ECB) published its “Recommendations for the security of Internet payments”. With these recommendations, SecuRe Pay aimed to create a minimum level for the security of Internet payments, and to harmonize the security of payments within the European Economic Area (EEA). Since then, many regulatory and legislative initiatives related to electronic payment security have occurred. The SecuRe Pay forum…