In what it is says is “an important set of guidelines against payment fraud” the European Central Bank (ECB) has unveiled plans to introduce harmonised, minimum security recommendations in Europe covering internet payments and customer authentication.
The ECB proposals, which have a planned implementation date of 1 February 2015, would require payment service providers (PSPs) and payments governing bodies to better protect the initiation of online payments and the transaction data that flows across these systems using "strong customer authentication" technologies and procedures.
The rules would mean PSPs and others would have to ensure customers were given all necessary assistance about how to ensure best practice online security measures are followed, including the use of monitoring tools that can detect and prevent fraudulent attempts. Log-in attempts would be rationed and the harmonised European-wide rules would mean that common time limits for appropriate authentication to be entered would be established. Of course, many such pattern-spotting software systems are already deployed but the rules will seek to introduce a common minimum standard.
The ECB recommendations can be seen here.