Re: European Banking Authority (EBA) Discussion Paper on strong customer and secure communication under PSD2

> On Jan 12, 2016, at 9:22 AM, VIGNET cyril <> wrote:
> Dear IG and WG members,
> The work of EBA is quite important and will have impact on our work. This comes from the definition of a new type of actor in the playing field: the PISP (Payment Initiation Service Provider).
> To summarise, the PISP is a company that will have its own brand at the merchant site  in order for the buyer to click on it to pay. Then the PISP will be able to initiate a credit transfer on behalf of the buyer. The Payment Directive states that the authentication of the buyer should be strong.
> Main issues are :
> - how for a third party (PISP) to act on behalf of the buyer without risk at the buyer's account level ?
> - where and how should the strong authentication apply ? it goes without saying that the PISP wants the minimum authentication measures and the buyer's Bank wants a risk adapted authentication
> - how to initiate the credit transfer with security (as an example, one system existing today asks the login/password of the buyer and emulates a web banking session)
> Where are the relationships with our work:
> 1- this system is supposed to provide a unified method of webpayment with SEPA Credit Transfer: this use case is part of the IG charter
> 2- this system should work for all European countries and it is driven by European Commission (link with W3C)
> This is why I think that the WPIG should work on it quickly.

Hi Cyril,

Thank you for shedding some light on the relevance of the discussion paper to our work. Do you think there would be benefit to having additional discussion on the
relationship between PSD2 and Web Payments at our February FTF meeting? If so, do you think that having an EBA representative at the meeting might be feasible?


Ian Jacobs <>
Tel:                       +1 718 260 9447

Received on Tuesday, 19 January 2016 18:14:23 UTC