GO

In your view, which of the following initiatives will have the greatest impact on the European payments market? This poll is closed.

 

EPC Newsletter
Issue 7 - July 2010

SEPA for Cards

Standardisation is KeyFocus on security requirements and a European certification framework

19.07.10 BY Claude Brun

INTRODUCTION AND SUMMARY

In the SEPA for Cards, European cardholders and merchants will be able to make and receive payments with general purpose cards in 32 SEPA countries with the same ease and convenience as in their home country. The EPC is carrying out a cards standardisation programme designed to remove technical obstacles preventing such a consistent customer experience. In 2009, the EPC organised the creation of the Cards Stakeholders Group (CSG) together with representatives of the five sectors also active in the cards domain including retailers, vendors (manufacturer of cards, payment devices and related IT systems), processors, card schemes, banks and payment institutions. The CSG is mandated to progress the SEPA Cards Standardisation Volume - Book of Requirements. Claude Brun delivers a progress report on two key domains covered in the SEPA Cards Standardisation Volume - Book of Requirements: (1) the high level functional requirements for a single set of security requirements and (2) the framework which describes the evaluation methodology and the certification architecture aimed at achieving interoperability of cards and terminals within SEPA.

***
Readers are invited to share their thoughts on topics discussed in the EPC Newsletter.
Scroll to the end of the page and post a comment. Go to comments.

Single set of SEPA security requirements

In June 2010, the EPC Plenary approved the single set of SEPA terminal security requirements agreed by the banking industry in close dialogue with other sectors represented in the Cards Stakeholders Group. These requirements are based on the PCI SSC requirements developed by the Payment Cards Industry Security Standards Council1 and will be integrated in an updated version of the SEPA Cards Standardisation Volume - Book of Requirements expected to be published by end 2010. The security requirements will regularly be reviewed by the banking industry together with other stakeholders active in the cards and terminals value chain including the CAS initiative (Common Approval Scheme). Further work is in progress aimed at developing a single set of security requirements for cards.

Cards and terminals SEPA certification framework

The design of the architecture (certification framework) allowing for the trusted and common security and functional evaluation and certification of cards and terminals at SEPA level is essential to cater to the needs of the more than 500 million cardholders and millions of merchants. The SEPA cards and terminal certification framework will ensure that any card or terminal certified by an accredited body can be deployed and used anywhere throughout SEPA. Currently, cards and terminals need to be certified for each market and card scheme subject to different criteria and procedures. To-date, the certification of cards and terminals takes place based on requirements defined at a national level. Moving forward, the goal is to establish a European certification framework enabling the manufacturers of cards and terminals to obtain a single certification that is recognised in all 32 SEPA countries. Thus by having a standard SEPA certification process, vendors can take advantage of greater economies of scale.

To this end, the EPC Plenary decided to create a "European Certification Body" whose governance structure should include banks and card schemes. The retail sector should participate as full members in the area of functional aspects which encompass, for example, functional requirements on ATM Cash withdrawals, unattended terminals without PIN, and card not present transactions. In addition, the retail sector should act as an observer with regard to the certification of security requirements. Regulators should be represented as observers in the "European Certification Body" as well. The EPC is prepared to support the market in setting up this certification management body.

Next steps

The EPC will create a proposal to frame the cooperation process regarding the maintenance of cards and terminals security requirements and the further steps required to set up the "European Certification Body".

Claude Brun is the Vice Chair of the European Payments Council and served as the Chair of the EPC Cards Working Group until June 2010. In line with a recent change of the EPC Charter which stipulates that EPC Office Holders such as the Chair and Vice Chair of the organisation and Chairs of the EPC Working and Support Groups should not hold more than one office, Claude Brun is succeeded as Chair of the EPC Cards Working Group by Ugo Bechis.

Related link:

SEPA Cards Standardisation Volume - Book of Requirements (Version 4.0)

Related articles in this issue:

EPC Card Fraud Prevention Forum: Agreement on new measures to fight card fraud

New Business Opportunities with Chip and PIN. How to create added value based on EMV technology

 

1For more information on PCI SSC visit https://www.pcisecuritystandards.org/about/index.shtml

Article123




Comments

If you would like to comment on this article, please identify yourself with your first and last name. Please note that your name will appear next to your comment. Email addresses will not be published. Please note that by accessing or contributing to the discussion you agree to abide by the EPC Newsletter Terms and Conditions, so please read them carefully before doing so.

Blog Posts

Read us on EPC Blog

30.09.14
The New European Commission is Expected to Take Office on 1 November 2014. A Recap of the Role of the European Commission in the Evolution of SEPA Credit Transfer and SEPA Direct Debit

Tweets

Follow us on Twitter

European Banking Authority consults on implementation of #internet #payments #security guidelines. #PSD2 #SEPA @ecb http://t.co/6EkDTY0W21
20/10/2014
Tweets

Join us on LinkedIn


Leave this field empty

Mail this article to a friend

Enter the below data in order to send a link to this page.

Your name:
Your email:
Name of your friend:
Email of your friend:
Your comment:
Close
Leave this field empty

Send feedback

Enter the below data in order to give feedback on this page.

Your name:
Your email:
Your comment:
Close