Nowadays, companies and businesses can expand their market reach thanks to the different financial services available, among which online payments stand out.
Online payments have made purchasing more flexible and agile and boosted e-commerce. However, many financial institutions and companies currently offer this service, which has led to specific rules, regulations, and guidelines regulating this activity.
Among these guidelines are those issued by the European Banking Authority (EBA) related to Internet payment security. Below, we will learn more about these guidelines that regulate companies that provide financial services, such as Pilsenga.
European Banking Authority (EBA)
The European Banking Authority (EBA) is an independent authority of the European Union charged with maintaining European financial stability by ensuring the European banking sector’s efficiency, integrity, and orderly functioning. Although it is an independent body of the European Union, the EBA is “accountable” to the European Council, the European Commission, and the European Parliament.
The EBA helps create a level playing field and provides a high level of protection for users, depositors, investors, and consumers through prudential rules for all financial institutions within the European Union, adopting different standards, regulations, and technical guidelines.
EBA Guidelines on the Security of Internet Payments
In 2007, the EBA published guidelines on Internet payment security based on the recommendations of the European Forum on the Security of Retail Payments (SecuRe Pay). These guidelines set out the minimum security requirements to be implemented by Payment Service Providers (PSPs) within the European Union. The aim was to provide more detail on how to interpret the provisions of the Directive that was applicable at the time (PSD1) and thus significantly improve the security of internet payment services, minimizing the risks of the growing wave of online fraud that existed at the time.
Among the essential recommendations stipulated in PSD1 were strong customer authentication to protect the initiation of Internet payments and access to confidential payment data, limiting the number of login or authentication attempts, defining rules for the timeout of each session in Internet payment services, and establishing time limits for the validity of authentication. It is worth noting that PSD1 laid the foundations for the European market and its current SEPA payments system.
The revised Payment Services Directive (PSD2) and related EBA instruments supporting PSD2 led to the repeal of these guidelines (PSD1) by 2021.
Payment Services Directive (PSD2)
PSD2, or the Revised Payment Services Directive, plays a vital role in legislation related to electronic payments within the European Union. PSD2 came into force in 2016 and replaced its predecessor, the Payment Services Directive (PSD1). This directive seeks to promote innovation, consumer protection, and security in internet payments within the European Union.
PSD2 aims to level the playing field for payment service providers by including new players, fostering a more integrated and efficient European payments market, contributing to safer payment systems, and seeking constant improvement in protecting consumers and businesses within the European financial market and system.
Guidelines or instruments developed by the EBA in support of PSD2
The EBA has developed many instruments that have played an essential role in implementing the Revised Payment Services Directive (PSD2) and that serve as guidelines regulating financial sector companies such as Pilsenga. Among the most critical guidelines or instruments developed by the EBA to support PSD2 are the following:
Guidelines on security measures
The EBA, in conjunction with the European Central Bank (ECB), developed guidelines related to security measures (under PSD2), which seek to contribute to the creation of an integrated payments market, promote a level playing field for competition among companies offering the service, and significantly minimize security risks related to internet payments or electronic payments. Some of the guidelines included in PSD2 are the following:
– Strong customer authentication (SCA): Companies should implement additional measures to authenticate customers when conducting electronic transactions; this may include multiple authentication factors, such as passwords, SMS codes, fingerprints, etc.
– Secure communication: Payment service providers must communicate securely between the different actors involved in electronic transactions, such as banks, merchants, and payment service providers.
– Notification of security incidents: Entities must notify the competent authorities of any security incident that may affect the security of payment services.
Authorization and Registration Guidelines
The guidelines developed by the EBA related to authorization and registration (under PSD2) specify the information required from applicants wishing to obtain authorization to operate as a payment institution or electronic money institution, or to obtain registration as an account information service provider under PSD2. Some guidelines included in PSD2 are as follows:
– Authorization requirements: These detail the criteria and conditions that payment service providers must meet to obtain authorization to operate in the European Union. These requirements may include years of experience, financial solvency, professional experience, and director profiles.
– Ongoing supervision: Once authorized or registered, payment service providers are subject to ongoing supervision by the relevant authorities to ensure continued compliance with regulations and guidelines.
– Conduct and Transparency Standards: The guidelines may also address issues related to conduct and transparency standards that payment service providers must follow to operate in the market.