- From: Rob van Eijk <rob@blaeu.com>
- Date: Fri, 02 Dec 2016 12:58:05 +0100
- To: public-web-security@w3.org
Indeed, see e.g. Article 97 (strong customer authentication) of PSD2, URL: http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32015L2366. Also note that the payment service user’s explicit consent is key in providing (additional) services but - in sofar I understand - would allow third party access to payment data. But that's more a privacy than a security aspect. Rob Anders Rundgren schreef op 2016-12-02 11:58: > There's a new EU directive called PSD2 requiring banks to "open up" > accounts to third-party access. > This requires new levels of authentication. > > Not everybody see this as realistic or useful. Here is VISA's public > protest against PSD2 authentication requirements: > > https://www.visaeurope.com/media/images/psd2%20position%20paper%20nov%202016-73-40837.pdf > > "You will no longer be able to make... > - one-click online checkouts even at stores you shop at all the time > - fast, automatic payments where your card is already securely stored" > > Anders
Received on Friday, 2 December 2016 11:58:46 UTC