- From: Mountie Lee <mountie@paygate.net>
- Date: Tue, 24 Feb 2015 09:12:09 +0900
- To: David Ezell <David_E3@verifone.com>
- Cc: "public-webpayments-ig@w3.org" <public-webpayments-ig@w3.org>
- Message-ID: <CAE-+aY+OQkNOPYJTvo3BCQ4n5zAqOxi9G07H=aYLnZzfw6MfGg@mail.gmail.com>
Hi. does it different between two factors, two steps, two channels? here in Korea, we had regulation two channel authentication for e-banking but within this year, it seem to be removed. because we understand specific technical requirement in legal description can not prevent fraud or data compromise. the e-payment risk mostly depends on the mixture of merchant, product, delivery and transaction risk. for UseCase, I think it's enough to touch one of variable cases. best regards mountie On Tue, Feb 24, 2015 at 5:34 AM, David Ezell <David_E3@verifone.com> wrote: > Dear Web Payments folks: > > > > Below is an email from our friend Alan Thiemann, currently chair of > ISO12812 and colleague from NACS. He has raised the fact that a new > requirement from the European Banking Authority requires "two-factor > authentication on all e-payments." > > > > It looks like this requirement (regulatory) may have an impact on every > use case we're working on. > > > > Thoughts welcome. > > > > Best regards, > > David > > > > *From:* Alan Thiemann [mailto:ajthiemann@gmail.com] > *Sent:* Saturday, February 21, 2015 1:05 PM > *To:* Gray Taylor; Linda Toth; David Ezell > *Subject:* Internet Payments in EU > > > > Folks, > > > > > https://www.linkedin.com/pulse/eba-security-guidelines-immediate-action-required-payment-lycklama?trk=prof-post > > > > The European Banking Authority issued a new requirements document covering > all Internet payments that will become effective this year (I > understand it must be adopted within 6 months of each country's act of > approving the EBA document). > > > > Essentially, this is going to require two-factor authentication on all > e-payments, including credit transfers (i.e., ACH). Ironically, EMVCo has > stated it won't have its specification ready until 2016, so there will > obviously be a lag in adoption. There is also some question about its > application to issuers outside of the EU who handle transactions within the > EU. THIS BEARS LOOKING AT. > > > > David, has W3C done anything about this? > > > > Alan > > -- > > Alan J. Thiemann > Law Office of Alan J. Thiemann > 700 12th Street, NW > Suite 700 > Washington, DC 20005 > (202) 904-2467 > (202) 558-5101 fax > ------------------------------ > This electronic message, including attachments, is intended only for the > use of the individual or company named above or to which it is addressed. > The information contained in this message shall be considered confidential > and proprietary, and may include confidential work product. If you are not > the intended recipient, please be aware that any unauthorized use, > dissemination, distribution or copying of this message is strictly > prohibited. If you have received this email in error, please notify the > sender by replying to this message and deleting this email immediately. > -- Mountie Lee PayGate CTO, CISSP Tel : +82 2 2140 2700 E-Mail : mountie@paygate.net
Received on Tuesday, 24 February 2015 00:12:59 UTC