The EU Banking Authority (EBA) today (19 December) issued new regulations to beef up security of internet payments across the bloc to counter cybercrime, which is on the rise.
The guidelines require that payments service providers (PSPs) carry out stronger customer authentication before proceeding with online payments.
PSPs will also be required to better assist customers in relation to internet payment fraud and to initiate customer awareness programmes to ensure that users understand the risks.
The guidelines – drawn up by SecurRe, a voluntary cooperation of central banks and regulators – will apply to all EU PSPs and must be implemented by PSPs by August next year.
The move came in response to evidence of a marked rise in fraud relating to internet payments. The most recent pan-EU figures showed on-line fraud during 2012 caused €794 million in losses, an increase of more than one-fifth (21%) from the previous year.
The rise in internet fraud comes against a decline in the more traditional form of ‘hold-up’ bank robbery.
According to data collected by the European Banking Federation, 2,347 bank robberies were reported by the 32 countries that are represented in the EBF over 2013, 11% fewer than the year before.
A total of 175 attacks on cash-in-transit were registered by the EBF, down 29%. These figures continued a four-year downward trend.
“Working in partnership with the relevant authorities is important for protecting against attacks. However, these threats are not only physical and the cyber-threat is increasing. Banks cannot act on their own to combat this threat,” said Patrick Borschette, chair of the EBF’s Working Group on Physical Security.
“The EBA guidelines on internet payments provide the legal basis for achieving a level playing field for all PSPs across the EU. Through this piece of work, the EBA looked into supporting the development of e-commerce across the EU, while ensuring proper protection of consumers,” said Geoffroy Goffinet at the EBA Consumer Protection Unit.
One of the largest cyberattacks in the European Union to date took place in Estonia in 2007 and led to a temporary shutdown of the country’s banks, ministries, newspapers and broadcasters.
A smaller-scale attack in 2011 saw more than 150 of the French finance ministry's 170,000 computers hacked for documents relating to a G20 meeting.
In March 2011 cyberattackers penetrated the European Commission’s external action service e-mails. In July 2012, an attack on the European Council targeted officials around President Herman Van Rompuy.
To respond to such attacks, the EU opened a Europol cybercrime centre in 2013.
- 15th August 2015: EBA guidelines to be introduced