On behalf of its member companies, the European Digital Media Association1 (EDiMA) welcomes the opportunity to respond to this consultation. We recommend the following:
- EBA should await finalization of the PSD2 text and then review the SecuRe Pay Recommendations against these new security requirements before issuing draft EBA Guidelines.
- The definition of strong authentication should be flexible enough to allow for new technologies to develop – tying this to two-factor authentication will stifle innovation in payment security. Security future proof regulations should aim at setting security benchmarks as opposed to imposing processes.
- EBA Guidelines should ensure reconciliation of security with consumer convenience, as over complex security methods might lead to users’ avoidance behavior with increased risk for users.
- EBA Guidelines should be consistent with global security practices to prevent creation of a “European fortress”.