We respond to the EBA Guidelines on the security of internet payments
We have responded to the EBA Guidelines on the security of internet payments. Our statement reads as follows:
"We do not have the power without legislative change to make binding rules requiring all payment service providers (credit institutions, payment institutions and e-money institutions) to comply with the EBA Guidelines.
"We have considered what other steps we might take short of making binding rules, including issuing guidance to payment service providers, in the light of our statutory objectives and obligations and our public law duties, and in particular the requirement that we have regard to the principle of proportionality (see section 3B(1)(b) of FSMA 2000). The choreography of the EBA Guidelines and PSD2 is an important aspect of the proportionality analysis.
"Implementation of the Guidelines will require some providers to make significant changes to their systems and controls and significant additional changes are likely to be necessary following implementation of PSD2. We indicated to the UK market in March 2014 that we would be requiring compliance with the SecuRe Pay Recommendations in line with PSD2 transposition, and we remain of the view that it is reasonable, in all the circumstances, for FCA to incorporate the detail of the Guidelines (or equivalent guidelines issued under PSD2) into our supervisory framework in line with this timetable. Our intention is that this will be done in a way that is equally binding on all types of payment service provider.
"We are fully supportive of the objectives behind the Guidelines and agree with the importance of consumers being protected against fraud when making payments online. Ensuring the security of payments and the protection of sensitive customer data is a critical part of the infrastructure of robust payment systems, and we have reminded payment service providers of their responsibility to ensure consumers' payments are safe and secure."