FIN.

EBA publishes PSD2 security measures guidelines

EBA has published its final guidelines on security measures for operational and security risks of payment services required by PSD2. The guidelines require PSPs to have in place:

  • an effective operational and security risk management framework
  • processes to detect, prevent and monitor potential security breaches and threats
  • risk assessment procedures
  • regular testing
  • processes to raise payment service users' awareness of security risks and risk-mitigating actions

Since the consultation draft of the guidelines, EBA has clarified the meaning of proportionality and explained why certification processes for security measures are not included.

FIN. Team