ECB Recommendations for the Security of Internet Payments

ECB Secure Pay Recommendations for the Security of Internet Payments. The clock is ticking - Ignacio González-Páramo

Topics of this issue:

1. ECB Secure Pay Recommendations for the Security of Internet Payments. The clock is ticking

2. More on the proposed interchange regulation

3. The mystery of non-regulated “massive payment volumes” in Europe


The European Central Bank (ECB) Recommendations for the Security of Internet Payments (Secure Pay) were already analyzed in the November 2013 edition of this Newsletter. However, keeping in mind that the implementation deadline established by the document itself (February 2015) is less than a year from now and that last February the ECB published an assessment guide on how to implement the Recommendations, it might be necessary to re-open a constructive debate in order to bring to the fore points to be addressed so as to potentially improve the current state of things. The deadline is close, but increasing industry awareness might help the market to move forward.


For starters, the deadline is still a major issue. Let’s not forget that the recommendations are to be implemented via the legislation transposing the revised Payments Service Directive – aka PSD2 – (which might be delayed until some point beyond early 2015) into the legislation of the different European Union (EU) Member States or a local oversight framework put in place by the relevant local authorities, for which no relevant input has been received by the industry so far. On top of that, the section of the proposal for a PSD2 that deals with security requirements is anything but specific and leaves most implementation details to future guidance resulting from the cooperation between the ECB and the European Banking Authority (EBA). Therefore, if we bear in mind that PSD2 might not be published until mid- 2015 and that the EBA guidelines might take even longer, the February 2015 deadline is not feasible. This is the reason why authorized voices in the industry are already advocating that the deadline be extended so that the potential nonsense can be tackled, though there has been no response so far from EU policy-makers. Moreover, some local regulators (the ones responsible for implementing and enforcing the recommendations) have already stated that they will wait for PSD2 and the EBA guidelines before making a move. Therefore, it seems that neither of the two alternatives to implement and enforce the recommendations can make this happen. Is it reasonable, in such a situation, to ask the industry to move forward to an undefined scenario which is even unknown to the ones supposed to shape it?


On a different note, market fragmentation, an unintended consequence implied by most (if not all) European regulatory initiatives (something that should concern the whole payments sphere), is likely to have a relevant impact. The way that most European legal instruments are usually published, interpreted and enforced does not precisely inspire optimism in this respect. This is not only worrying in terms of the impact on consumers - who might encounter different, confusing and sometimes annoying payment experiences depending on the rules applicable in the jurisdiction where they pay.


Download the full article from here

Scroll UP