- From: VIGNET cyril <Cyril.VIGNET@bpce.fr>
- Date: Tue, 12 Jan 2016 15:22:31 +0000
- To: Web Payments IG <public-webpayments-ig@w3.org>, Payments WG <public-payments-wg@w3.org>
- CC: Ian Jacobs <ij@w3.org>
Dear IG and WG members, The work of EBA is quite important and will have impact on our work. This comes from the definition of a new type of actor in the playing field: the PISP (Payment Initiation Service Provider). To summarise, the PISP is a company that will have its own brand at the merchant site in order for the buyer to click on it to pay. Then the PISP will be able to initiate a credit transfer on behalf of the buyer. The Payment Directive states that the authentication of the buyer should be strong. Main issues are : - how for a third party (PISP) to act on behalf of the buyer without risk at the buyer's account level ? - where and how should the strong authentication apply ? it goes without saying that the PISP wants the minimum authentication measures and the buyer's Bank wants a risk adapted authentication - how to initiate the credit transfer with security (as an example, one system existing today asks the login/password of the buyer and emulates a web banking session) Where are the relationships with our work: 1- this system is supposed to provide a unified method of webpayment with SEPA Credit Transfer: this use case is part of the IG charter 2- this system should work for all European countries and it is driven by European Commission (link with W3C) This is why I think that the WPIG should work on it quickly. Best regards PS: this use case was already raised in my proposal (SCAI) Cyril VIGNET +33622040856 +33158400234 Cyril.vignet@bpce.fr > -----Message d'origine----- > De : Ian Jacobs [mailto:ij@w3.org] > Envoyé : lundi 11 janvier 2016 19:02 > À : Web Payments IG; Payments WG > Objet : FYI: European Banking Authority (EBA) Discussion Paper on strong > customer and secure communication under PSD2 > > Hi Web Payments IG and WG, > > The EBA has published: > > Discussion Paper on future Draft Regulatory Technical Standards on strong > customer authentication and secure communication under the revised > Payment Services Directive (PSD2) > https://www.eba.europa.eu/documents/10180/1303936/EBA-DP-2015- > 03+%28RTS+on+SCA+and+CSC+under+PSD2%29.pdf > > No action is required; this is just a heads-up, especially about the 8 February > deadline for comments. > > The W3C staff may put together some feedback regarding open standards > and the set of current and relevant W3C activities (e.g., the Web > Authentication Working Group charter in review [1], WebCrypto work, etc.). > > Ian > > [1] http://www.w3.org/2015/12/web-authentication-charter.html > > -- > Ian Jacobs <ij@w3.org> http://www.w3.org/People/Jacobs > Tel: +1 718 260 9447 > >
Received on Tuesday, 12 January 2016 15:23:03 UTC