RE: European Banking Authority (EBA) Discussion Paper on strong customer and secure communication under PSD2

From: VIGNET cyril <Cyril.VIGNET@bpce.fr>
Date: Tue, 12 Jan 2016 15:22:31 +0000
To: Web Payments IG <public-webpayments-ig@w3.org>, Payments WG <public-payments-wg@w3.org>
CC: Ian Jacobs <ij@w3.org>
Message-ID: <07D7DDCB6140B24F8F43444303ED8B57C16979@IBXHBE11.dom801.ibp>
Dear IG and WG members,

The work of the EBA is quite important and will have an impact on our work. This comes from the definition of a new type of actor in the playing field: the PISP (Payment Initiation Service Provider).

To summarise, the PISP is a company that will have its own brand at the merchant site in order for the buyer to click on it to pay. Then the PISP will be able to initiate a credit transfer on behalf of the buyer. The Payment Directive states that the authentication of the buyer should be strong.

The main issues are:
- how can a third party (PISP) act on behalf of the buyer without risk at the buyer's account level?
- where and how should the strong authentication apply? It goes without saying that the PISP wants the minimum authentication measures and the buyer's bank wants a risk-adapted authentication
- how to initiate the credit transfer securely (as an example, one system existing today asks for the login/password of the buyer and emulates a web banking session)

Where are the relationships with our work:
1- this system is supposed to provide a unified method of webpayment with SEPA Credit Transfer: this use case is part of the IG charter
2- this system should work for all European countries and it is driven by the European Commission (link with W3C)

This is why I think that the WPIG should work on it quickly.

Best regards

PS: this use case was already raised in my proposal (SCAI)


> -----Original Message-----
> From: Ian Jacobs [mailto:ij@w3.org]
> Sent: Monday, 11 January 2016 19:02
> To: Web Payments IG; Payments WG
> Subject: FYI: European Banking Authority (EBA) Discussion Paper on strong
> customer and secure communication under PSD2
> Hi Web Payments IG and WG,
> The EBA has published:
>   Discussion Paper on future Draft Regulatory Technical Standards on strong
> customer authentication and secure communication under the revised
> Payment Services Directive (PSD2)
>   https://www.eba.europa.eu/documents/10180/1303936/EBA-DP-2015-03+%28RTS+on+SCA+and+CSC+under+PSD2%29.pdf
> No action is required; this is just a heads-up, especially about the 8 February
> deadline for comments.
> The W3C staff may put together some feedback regarding open standards
> and the set of current and relevant W3C activities (e.g., the Web
> Authentication Working Group charter in review [1], WebCrypto work, etc.).
> Ian
> [1]  http://www.w3.org/2015/12/web-authentication-charter.html
> --
> Ian Jacobs <ij@w3.org>      http://www.w3.org/People/Jacobs
> Tel:                       +1 718 260 9447
Received on Tuesday, 12 January 2016 15:23:04 UTC
