Wed. Feb 19th, 2020

The EU launches new security rules for online payment services

The EU countries will begin to apply new rules from tomorrow to improve the security of payments on the Internet, which will force reinforce consumer identification requirements and banks to create communication platforms with service providers, such as fintech ".

Once the Payment Services directive (known as PSD2) is fully operational, consumers will benefit from a "safer and easier" online payment environment, the Commission said Friday in a statement.

Authentication will help fight fraud by making electronic payments more secure and the new rules will facilitate the entry of new operators into the payment services market.

The European Banking Authority, aware of the difficulties in introducing the changes in full as of September 14, authorized national supervisors to apply the new rules with "a certain degree of flexibility" and grant when necessary "a limited additional time ".

In Spain the rules will come into force later after the moratorium granted by the Bank of Spain.

In other countries the same could happen, as explained by the EC, which indicated that the new requirements "will be introduced gradually and some countries are more advanced than others in that area."

In any case, Brussels encouraged all actors to "accelerate their efforts to ensure that the new requirements are implemented quickly and completely" throughout the Union.

The new technical standards will force banks to create communication platforms to guarantee the access of third parties, particularly technology finance companies known as "fintech", to their customers' bank details easily and securely.

The firms of the "fintech" or technological finance sector offer users, above all, online payment services or to manage all their accounts in one place (through mobile applications, for example), for which they need Access the information that banks have of these users.

For this reason, Brussels asked the entities to develop interfaces aimed at communicating with the "fintech" so that they can access the information efficiently and guaranteeing that the data is protected.

The client must give their explicit consent for them to access their bank information.

Entities have also had to create "contingency mechanisms" to ensure continuity of service in case of problems.

The rules thus provide for an end to the "scraping" technique used today by "fintech" to access banking information, which consists in obtaining the data from the reading of the bank interface that the customer sees and generates security issues.

The regulation allows to improve the security in the payments by Internet, that will force that the suppliers demand at least two elements to verify the identity of the buyer, to choose between something that the client knows (like a PIN code), something that possesses (the physical payment card) or something that "is" (such as your fingerprint).

All suppliers will have to prove that they have implemented, tested and audited these security measures, so that, in case of a fraudulent payment, consumers will be entitled to a full refund.

. (tagsToTranslate) UE (t) releases (t) new (t) security (t) services

Source link