On 31 January 2013, the European Central Bank published final recommendations for the security of internet payments. The publication followed a two-month public consultation and represented the first output of SecuRe Pay.

SecuRe Pay is a voluntary cooperative initiative between relevant authorities from the EEA, including national supervisors of payment service providers and overseers. Its objective is to facilitate common knowledge and understanding of issues related to the security of electronic retail payment services and instruments.

During a review this year SecuRe Pay concluded that the implementation of the recommendations would benefit from a more solid legal basis to ensure consistent implementation by financial institutions across the EU. SecuRe Pay brought this to the attention of the European Banking Authority (EBA) which agreed to develop guidelines based on the recommendations. The EBA has now published a consultation paper containing draft guidelines.

The deadline for comments on the consultation paper is 14 November 2014. The EBA expects to publish a feedback statement soon thereafter. From the publication of the final guidelines onwards, Member State competent authorities will have to notify the EBA within two months as to whether they comply or intend to comply, or otherwise with reasons for non-compliance. Member State competent authorities, as well as financial institutions, will have to comply with the guidelines by the entry into force date of 1 August 2015.

View EBA consults on implementation of guidelines on internet payments security, 20 October 2014