Submission #31

Primary tabs

View(active tab)

Association of German Banks

Do you prefer for the EBA guidelines a. to enter into force, as consulted, on 1 August 2015 with the substance set out in this consultation paper, which means they would apply during a transitional period until stronger requirements enter into force at a later date under PSD 2 (i.e. a two-step approach); or to anticipate these stronger PSD 2 requirements and include them in the final guidelines under PSD 1 that enter into force on 1 August 2015, the substance of which would then continue to apply under PSD 2 (i.e. a one-step approach).

We would prefer option a), although this option involves numerous imponderables. What is more, PSD1 does not yet feature the legal concept of “strong customer authentication”, so that the legal background to the guidelines’ central element is missing. We therefore propose the following new Option (c): The risks outlined can be avoided and legal certainty achieved at the same time if guidelines take effect after publication of PSD2. In view of the experience made in handling the SecuRe Pay recommendations, a timeframe of 36 months for implementation by financial institutions appears realistic.

Upload files BDB answer to EBA consultation on security of internet payment_12Nov14.docx

Name of organisation Association of German Banks