The European Payments Council (EPC) has officially released the updated Application Programming Interface (API) security framework aimed at bolstering the security-related requirements for participants in the Verification Of Payee (VOP), SEPA Request-to-Pay (SRTP), and SEPA Payment Account Access (SPAA) schemes.
This framework establishes minimum security-related requirements, ensuring that all participants, whether utilising the EPC API Specifications or alternative specifications, adhere to robust security standards.
This framework will become mandatory as of 5 October 2025 for the VOP, SRTP and SPAA scheme participants when using APIs.
Your reactions
If you would like to comment on this article, please identify yourself with your first and last name. Your name will appear next to your comment. Email addresses will not be published. Please note that by accessing or contributing to the discussion you agree to abide by the EPC website conditions of use.