EPC and Cards Stakeholders Group Launch Public Consultation on Securit...

EPC and Cards Stakeholders Group Launch Public Consultation on Security Requirements for Remote Payments – All Interested Parties are Invited to Provide Feedback by 4 August 2013

25 October 13

Share This

On 3 June 2013, the together with the Cards Stakeholders Group (CSG) published version 6.5 of the Single Euro Payments Area () Cards Standardisation Volume for a six-week public consultation (see links below). In addition, on 8 July 2013 the together with the CSG issued a document on security requirements for remote payments for a separate public consultation. All market participants and interested parties are invited to provide feedback by 4 August 2013. The documentation relevant to the public consultation on security requirements for remote payments is available on the Website (see links below). Based on the feedback received, the final content of the document will be included with version 7.0 of the Cards Standardisation Volume, to be published in early 2014 ready for market implementation. It is foreseen that this version will take into account the ‘Recommendations for the security of internet payments’ (see links below) released by the European Central Bank (ECB) on 31 January 2013.

The CSG is a multi-stakeholder body representing retailers, vendors, processors, card schemes and the . Created in 2009, the CSG focuses on a cards standardisation programme that will create a better, safer, more cost efficient and functionally richer card services environment, whatever the card product or scheme may be. The CSG develops and maintains the Cards Standardisation Volume. This document defines a standard set of requirements to ensure an interoperable and scalable card and terminal infrastructure across , based on open international card standards. The dialogue taking place in the CSG ensures the open and constructive co-management of the processes related to the identification of common standards requirements and implementation of best practices compliant with such requirements, which will promote interoperability and foster competition in the cards domain. The European Union authorities driving forward the programme identified the need to create harmonised standardisation requirements in the cards domain early in the process of integrating the market for electronic euro payments. This was reinforced by the European Economic and Financial Affairs Council when it requested that the industry should set the conditions for further standardisation in the area of cards. This request was repeatedly echoed by the ECB. The work of the and the CSG supports this vision.

The relevance of harmonised security requirements for remote payments in

Card-based remote payments are defined as a payment initiated by a device where the transaction is conducted over a (tele)communication network (e.g., internet, …) and which can be made independently from the cardholder’s location. Based on the proliferation of smart phone technology and increased willingness of consumers to use this or another mobile device when purchasing goods or services on the internet, remote payments have the potential to become a new standard for making online payments.

Further adoption of remote payment methods would support a principal objective of the initiative; i.e. to encourage a shift from cash to electronic payments. Despite the fact that cash accounts for a falling proportion of retail payments, it is in general still the predominant payment method in Europe and the demand for cash continues to grow. In October 2012, the ECB published the report ‘The Social and Private Costs of Retail Payment Instruments’ (see links below). According to the report, which analyses the social and private costs of making retail payments in 13 European countries, these are substantial, amounting to around 45 billion euros, or almost 1 percent of their combined gross domestic product.

Boosting trust in remote payments also responds to the needs of both consumers and merchants active in the e-commerce environment. This market has been expanding at double digit growth rates continuously. The position paper on ‘Online Payments in Europe’, published in June 2011 by the e-Payments Merchant Initiative (see links below), highlights the fast development of e-commerce in Europe. It states: “In the past 15 years e-commerce has become a mature market and is still growing. This trend is expected to continue in the coming years due to the further proliferation of mobile devices (smart phones, tablets) and the customer need of ‘being always online’.” Ecommerce Europe, the European collective of merchant organisations and their members, confirmed this trend in its position paper ‘E-Payments 2012’ (see links below): “E-commerce has enabled consumers to access goods and services from all over Europe. As such, e-commerce has contributed significantly to the European economy in general and the success of the European Single Digital Market in particular.”

It has to also be recognised, however, that – despite the fact mobile payments (m-payments) represent the fastest growing retail payment method –  internet and m-payments continue to account for only a small percentage of overall retail payment transactions in Europe. Due in part to security concerns, many merchants have refrained from setting up e-commerce platforms and consumers may be reluctant to fully embrace the convenience of remote payments. Considering the paramount importance of security in financial transactions, it is imperative to identify and analyse fraud methods targeting remote payments to prevent and combat fraud. The focus must be on minimising vulnerabilities resulting from mobile threats such as, for example, worms and malware, which are expected to escalate in the coming years especially through the use of mobile applications. The rapid proliferation of smart phones with the option of installing sophisticated payment applications has fuelled this development.

The document setting out security requirements for remote payments released for public consultation by the together with the CSG responds to the increasing use of remote card payments. The proposed requirements are designed to identify and protect against security threats and, consequently, help to establish an environment which allows both consumers and merchants to fully reap the benefits of exchanging goods and services online.

All interested parties are encouraged to participate in this public consultation

Respondents to the consultation are invited to provide feedback using the response template available for download on the Website page dedicated to this public consultation (see links below) by 4 August 2013. A summary of the responses received with this public consultation will be included with version 7.0 of the Cards Standardisation Volume, to be published in early 2014 ready for market implementation. Respondents to the public consultation on remote security requirements who do not wish to be cited in the summary report have the option to indicate this in the response form.

Related links:

Your reactions

If you would like to comment on this article, please identify yourself with your first and last name. Your name will appear next to your comment. Email addresses will not be published. Please note that by accessing or contributing to the discussion you agree to abide by the EPC website conditions of use.