SecurityWeek

New Security Guidelines For Online Payments in the EU

In response to the increase in online payment fraud, the European Banking Authority (EBA) published last week a set of minimum security requirements that payment services providers in the European Union are expected to implement by August 1, 2015.

Studies show that in 2012 Internet payment fraud caused losses of €794 million in the EU. In an effort to address the issue, EBA has decided to develop a more secure framework for online payments.

The final version of the guidelines is based on technical input from the European Forum on the Security of Retail Payments (SecuRe Pay), an organization established in 2011 by supervisors of payment service providers and central banks.

The guidelines apply to card payments made on the Internet (including registration of data for virtual wallets), credit transfers, e-mandates, and electronic money transfers. The requirements include general control and security environment recommendations for governance, risk assessment, incident monitoring and reporting, risk control and mitigation, and traceability.

As for specific control and security measures, the guidelines focus on initial customer identification, strong customer authentication, transaction monitoring, delivery of authentication tools, account log-in, and payment card data protection.

Service providers are also instructed to conduct awareness programs to ensure that customers understand both the risks and best practices of online payments.

Payment service providers might be required to report to competent authorities that they are complying with the new guidelines.

“The EBA guidelines on internet payments provide the legal basis for achieving a level playing field for all PSPs across the EU. Through this piece of work, the EBA looked into supporting the development of e-commerce across the EU, while ensuring proper protection of consumers,” commented Geoffroy Goffinet, of the EBA Consumer Protection Unit.

In July 2013, the European Commission adopted a legislative package proposing a revised Payment Services Directive, also known as PSD2. According to the EBA, the new guidelines will provide a legal basis for online payments in the EU until the PSD2 is finalized.

The European Union has put a lot of effort into ensuring the safety of personal data. The Commission is preparing tougher data protection laws for Internet companies operating in the EU.

The European Union Agency for Network and Information Security (ENISA) is also focusing on personal data security. In November, the agency released two reports on the use and implementation of cryptographic protocols for securing personal data.

The final guidelines on the security of Internet payments (PDF) are available online.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
