The European Central Bank (ECB) has published a speech given by Executive Board member Yves Mersch. The speech is entitled Reaping the benefits of payment services in a new regulatory environment.
In his speech Mr Mersch makes a number of comments including:
- the regulatory technical standards (RTS) on strong customer authentication and common and secure open standards of communication strike a fair balance between the diverging views of the different players. They should soon be finalised and then published in the Official Journal;
- all payment services providers are encouraged to ensure the highest level of security in their payment services and adopt the requirements of the RTS ahead of time;
- the RTS are designed to mitigate threat scenarios. For example, strong customer authentication solutions with dynamic linking of the authorisation to the specific amount and payee will help prevent man-in-the-middle attacks. Transaction and device monitoring is essential to identify unusual payment patterns and potential fraud cases. It is also essential to start offering well-functioning and reliable access interfaces to the payment service user accounts in order to protect the confidentiality and integrity of customer information;
- there are a few initiatives developing standardised specifications for Application Programming Interfaces (APIs) and the Euro Retail Payments Board (ERPB) has already called for close cooperation between these projects. Mr Mersch goes further and encourages these initiatives to join forces and agree on one common technical specification so that the whole of Europe could base their systems upon one or a few technical API standards;
- to promote the update to standardised APIs, the European Commission has invited market participants to establish an API Evaluation Group, which has just started its work. Mr Mersch calls on banks to actively, substantively and speedily contribute to the activities of the Group, as its findings are essential for the competent authorities, after consulting the European Banking Authority, to grant an exemption from the RTS obligation to offer a fallback solution for the dedicated interface.
View Reaping the benefits of payment services in a new regulatory environment, 22 February 2018