08 Dec “Strong authentication” a “show stopper” in ePayment?
The EBA (European Banking Authority, based in London, since 01-2011 the successor organization of the Committee of Banking Supervisors CEBS, mandated as an organization of the EU to create transparency and uncover weaknesses in the banking system) now absolutely required for consultations (strong authentication) has what it takes to massively change Internet payment transactions in terms of payment methods, providers and usage behavior. In fact, it means that the payer must be clearly identified for each payment process. Loose procedures in which third parties (family members, etc.) can also complete the purchase on the network with the appropriate access data (e.g. credit card KK number with security code) are then no longer possible. Strong authentication (now called “authentication” instead of the previous “authentication”) requires at least two of the three identity characteristics: a) What do I know (e.g. password), b) What makes me biometric (e.g. fingerprint), c) What do I have with me (e.g. mobile device). At the moment it could be the case, for example, that in addition to the previously known process, a KK payment on the Internet (see above a) I know the numbers …) an SMS-TAN is sent to the mobile device (see above c) I have it with me). Some dealers and PSP are already using this. However, it is unclear whether even this procedure will be sufficient. Advantage for creditPass direct debit customers : The already inexpensive and efficient direct debit is (still) exempt from the EBA regulations. Further information, for example: www.epsm.eu