On 14 October 2020, the European Banking Authority (EBA) issued a public consultation to propose revising the guidelines on major incident reporting under the revised Payment Services Directive (PSD2). The proposal aims at optimising and simplifying the reporting process, capturing additional relevant security incidents, reducing the number of operational incidents that will be reported, and improving the meaningfulness of the incident reports received. The revision of the guidelines also intends to decrease the reporting burden on payment service providers (PSPs).
The consultation paper proposes the introduction of the new incident classification criterion ‘breach of security measures’ to capture security incidents where the breach of the security measures of the PSP has an impact on the availability, integrity, confidentiality and/or authenticity of the payment services related data, processes and/or systems. The consultation paper also introduces changes to the thresholds for the calculation of the criteria ‘transactions affected’ and ‘payment service users affected’.
The deadline for comments on the consultation is 14 December 2020.