Guidelines on internet payments security

Status: Final and translated into the EU official languages

The Guidelines on the security of internet payments are based on the recommendations of the European Forum on the Security of Retail Payments (SecuRe Pay), a voluntary cooperative initiative set up by the ECB and comprising relevant authorities from the European Economic Area (EEA) with the aim of facilitating understanding of issues related to the security of electronic retail payment services.

Consultation on guidelines on internet payments security (EBA/CP/2014/31)

Summary
20/10/2014

The European Banking Authority (EBA) published today a consultation paper on the implementation of its Guidelines on the security of internet payments. These Guidelines are the first output of the joint work undertaken by the EBA and the European Central Bank (ECB) on the security of payment services. The consultation will run until 14 November 2014.
 
The draft Guidelines on the security of internet payments are based on the recommendations of the European Forum on the Security of Retail Payments (SecuRe Pay), a voluntary cooperative initiative set up by the ECB and comprising relevant authorities from the European Economic Area (EEA) with the aim of facilitating understanding of issues related to the security of electronic retail payment services.
 
The ECB had released its final SecuRe Pay recommendations for the security of internet payments in January 2013 with an implementation date for 1 February 2015. During a stock-take of the progress of its work in summer 2014, the SecuRe Pay forum concluded that a more solid legal basis would be beneficial to ensure consistent implementation by financial institutions across all EU Member States, as well as to reassure financial institutions that required investments and system changes are being followed up by a consistent regulatory framework. To this end, the EBA, as one of the forum members, agreed to issue guidelines based on the SecuRe Pay recommendations, which will enter into force in August 2015 - an extension of six months compared to the original SecuRe Pay implementation date.
 
While SecuRe Pay had already consulted on the substance of the requirements and incorporated the responses, the EBA is now consulting specifically on the implementation of its guidelines, as these may warrant some adjustments in the context of the ongoing negotiations of the revised Payment Services Directive (PSD2).

Consultation process

Comments to this consultation can be sent to the EBA by clicking on the "send your comments" button on the consultation page. Please note that the deadline for the submission of comments is 14 November 2014.