PSD2: EBA consults on security measures for operational and security risks

17/05/2017 Clifford Chance

The EBA has launched a consultation on draft guidelines on security measures for operational and security risks under the revised Payment Services Directive (PSD2). The proposed guidelines set out the requirements that payment service providers should implement in order to mitigate operational and security risks derived from the provision of payment services.

The guidelines cover:

  • governance of the risk management framework, the risk management and control models and outsourcing;
  • identification, classification and risk assessment of functions, processes and assets;
  • protection of integrity and confidentiality of data and systems, physical security and access control;
  • monitoring, detection and reporting of security incidents;
  • business continuity management, including scenario-based continuity plans and their testing, incident management and crisis communication;
  • testing of security measures;
  • situational awareness and continuous learning; and
  • management of the relationship with the payment service user.

Comments are due by 7 August 2017.