ECB Consultation on security of internet payments (deadline: June 20, 2012)

The European Central Bank (ECB) is consulting on standards to increase the security of internet payments in the European Union. It has drafted recommendations that developed by the European Forum on the Security of Retail Payments, SecuRe Pay. This Forum of regulators and supervisors was set up in 2011 as a voluntary cooperative initiative between authorities.

The report outlines security recommendations and best practices such as the principle of strong authentication. Strong customer authentication is a procedure based on the use of two or more of the following elements – categorised as knowledge, ownership and inherence:

  • something only the user knows, e.g. static password, code, personal identification number;
  • something only the user possesses, e.g. token, smart card, mobile phone;
  • something the user is, e.g. biometric characteristic, such as a fingerprint.

The ECB will consider the feedback of the market before finalising the recommendations in early 2013.