The European Banking Authority (EBA) has issued guidelines to ensure that payment service providers have appropriate security measures in place to mitigate operational and security risks under the revised Payment Services Directive (PSD2).
These final guidelines include:
- the establishment of an effective operational and security risk management framework;
- processes that detect, prevent and monitor potential security breaches and threats;
- risk assessment procedures;
- regular testing; and
- processes to raise payment service users' awareness of security risks and risk-mitigating actions.
Clarified meaning in final PSD2 guidelines
The EBA stated that, following a three-month consultation period, it decided to further clarify and detail some terms and aspects it had proposed in the draft guidelines. In particular, the final guidelines clarify the meaning of proportionality and explain why the EBA is not regulating certification processes of security measures.