Banks, credit card companies and other payment service providers (PSPs) should put
multiple “security measures” in place to ensure that they can repel attempts to breach the integrity of internet payment systems, the European Central Bank (ECB) has recommended.
On the thorny issue of authentication, the draft says that all mobile payment service providers should protect transactions through strong (at least two-factor) authentication.
However, this is not set in stone and the possibility of allowing less stringent measures for low value payments and low-risk transactions such as those within the same payment service provider, is raised.
The ECB says that this would create a difference in security requirements compared with those for card-present payments, “which may be difficult to justify” but is now asking industry participants to chip in with their opinions.
Among the other draft recommendations is a limit to the number of incorrect log-in attempts a user gets, strong transaction monitoring mechanisms to spot fraud, data protection rules, and a requirement to log all transactions with an audit trail.
Interested parties no have until the end of January to comment before final recommendations are made which should be implemented by European mobile payment service providers by February 2017.
The post ECB outlines new security standards for internet payments appeared first on Payments Cards & Mobile.