Supporting European Internet Payment Security Guidelines

In 2013, the European Central Bank (ECB) Recommendations For The Security of Internet Payments issued numerous recommendations for European payment service providers (PSPs) to enhance online fraud prevention practices. These recommendations are more expansive and detailed, yet fundamentally similar to the US Federal Financial Institutions Examination Council (FFIEC) landmark guidance entitled Authentication in an Internet Banking Environment.


The following year, the European Banking Authority (EBA) published its Final Guidelines on the Security of Internet Payments, based on the ECB recommendations, to document consistent procedures for European PSPs. Additional guidelines from the EBA are expected once the updated Payment Services Directive (PSD2) is published in 2017 - 2018.


While many PSPs have implemented numerous fraud prevention technologies and approaches, they may need additional capabilities in risk analysis, malware protection, and authentication to meet the Internet payment security guidance set forth by the ECB and EBA. The guidance from both regulatory organizations also cover mobile payments conducted via the mobile web browser, but for now exclude payments conducted via mobile applications.