EBA publishes final guidelines on PSD2 security measures
by Bija Knowles
Guidelines to ensure that payment service providers have appropriate security measures to mitigate operational and security risks under the revised Payment Services Directive (PSD2) have been issued by the European Banking Authority (EBA).
These final guidelines include:
- the establishment of an effective operational and security risk management framework;
- processes that detect, prevent and monitor potential security breaches and threats;
- risk assessment procedures;
- regular testing; and
- processes to raise awareness among payment service users of security risks and risk-mitigating actions.
Clarified meaning in final PSD2 guidelines
The EBA stated that, following a three-month consultation period, it decided to further clarify and detail some terms and aspects it had proposed in the draft guidelines. In particular, the final guidelines clarify the meaning of proportionality and explain why the EBA is not regulating certification processes of security measures.