These rules stem from the European Union’s (EU) recently-revised Payment Services Directive (PSD2), which seeks to modernize Europe’s payment services.
A primary focus of PSD2 is to increase the level of security and confidence of electronic payments. One of its recommendations is to develop strong customer authentication (SCA).
Thus, the new rules approved by the commission this week feature built-in security provisions to reduce payment fraud levels and protect users’ financial data. Specifically, they require a combination of at least two independent elements, which could be a physical item – a card or mobile phone – combined with a password or a biometric feature, such as fingerprints, before making a payment.
The rules also outline the requirements for common and secure standards of communication between banks and financial technology, or fintech, companies.
“These new rules will guide all market players, old and new, to offer better payment services to consumers while ensuring their security,” Valdis Dombrovskis, vice president in charge of Financial Stability, Financial Services and Capital Markets Union for the commission, said.
Now, the European Parliament and the Council have three months to review and approve these rules. Once finalized, banks and other payment services providers will have 18 months to put the security measures into place.