The European Banking Authority (EBA) has unveiled its final guidelines on security measures for operational and security risks of payment services under PSD2.
These guidelines are designed to ensure that payment service providers (PSPs) use appropriate security measures to mitigate operational and security risks. The guidelines cover the establishment of an effective risk management framework; the detection, prevention and monitoring of potential security breaches and threats; risk assessment processes; systematic testing; and increased user awareness of security risks and of risk-mitigating actions.
After a three-month consultation period, the final guidelines offer further clarity and detail on some of the terms and aspects the EBA had proposed in its draft. Notably, the meaning of proportionality and the reasons why the EBA is not regulating certification processes for security measures are clarified.
The Payment Services Directive (PSD), administered by the European Commission, is designed to regulate payment services and payment service providers in the European Union and the European Economic Area. The EU Directive is aimed at improving the security of online payment services, opening the online payment landscape to new, innovative solutions, and minimizing online fraud. Its revised version (PSD2) entered into force in January 2016, one year before its rules apply.