Consultation announcement: Recommendations for the security of internet payments
On 11 April 2012 the Governing Council of the European Central Bank (ECB) endorsed for public consultation the “Recommendations for the security of internet payments”, in the context of the work undertaken by the European Forum on the Security of Retail Payments. The Forum was established in early 2011 at the suggestion of the Payment and Settlement Systems Committee of the ECB as a voluntary cooperative initiative between relevant European authorities - supervisors of payment service providers and overseers in particular. Its purpose is to facilitate common knowledge and understanding of issues related to the security of electronic retail payment services and instruments.
The harmonised, minimum security recommendations are expected to contribute to fighting payment fraud and enhancing consumer trust in such services. They include key considerations and best practices and are applicable to all payment service providers (PSPs), as defined in the Payment Services Directive, that provide internet payment services, such as: (i) the execution of card payments on the internet, including virtual card payments, as well as the registration of card payment data for use in wallet solutions; and (ii) the execution of credit transfers on the internet, or direct debit electronic mandates initiated in relation to the payer’s account, where the payer authorises its PSP over the internet using web-based technology. Owing to the specific nature of card payments, a number of the recommendations are addressed to PSPs offering acquiring and/or issuing services, as well as to governance authorities of card payment schemes. Moreover, other market participants, such as e-merchants, are encouraged to adopt some of the best practices.
Implementation of the recommendations will be based on the existing legal framework. The authorities represented in the Forum are committed to supporting implementation in their respective jurisdictions and will strive to ensure consistency across countries.
All interested parties are invited to comment on the draft “Recommendations for the security of internet payments” by 20 June 2012. The document can be downloaded from the ECB’s website. The respective national central banks and national supervisors of PSPs will serve as contact points for national PSPs and actors in their country and provide further information and/or answer questions regarding these recommendations. Any comments received will be published on the internet, unless it is clearly indicated that the author does not consent to such publication. Comments should be submitted to the ECB in English, or in the relevant official EU language, at the following address:
European Central Bank
D-60311 Frankfurt am Main
Fax: +49 69 1344 6170