Customer to Bank Security - Good Practices Guide

E-channels provide outstanding efficiency for both banks and their customers. To build on this efficiency, the trust, availability and usability of e-channels must be safeguarded. Harmonization of payment instruments, rules and the juridical framework encourages the use of cross-border services. New institutions, including non-banks, are expected to enter the market for payment services. To gather the benefits of , assurance needs to be provided that trust in e-banking is not hampered by inconsistent security practices or by "race to the bottom" competition with reduced security costs. Hence, the European payment industry is requested to commit itself to following the good security principles and practices for the remote initiation of transactions for instruments in their operations, as specified in the present document. In its 4th Progress Report (February 2006), the Eurosystem welcomed the activity started by , as it is important that the end-to-end security of payment transactions undertaken with instruments is ensured in a harmonized way, on the basis of good practices and standards.

The main purpose of this report is to help financial institutions implement security controls in their e-banking services, based on best practices in relation to specific risk profiles. Different e-banking services and transactions pose different risks to financial institutions and must be treated accordingly. This report identifies six different classes of e-banking services as six risk profiles (Chapter 3). Some of the low-risk areas require few or no security principles to be implemented. This report focuses on a specific risk profile for customer-originated transactions, and recommends guidelines and best practices for this specific risk profile.



