The UK, Slovakia and Estonia have all admitted that they are unable to comply with the internet payment guidelines issued by the European Banking Authority (EBA), while Cyprus and Sweden will only partially comply. The guidelines, an interim measure until the revised Payments Services Directive (PSD), currently under consideration, comes into force, set minimum security requirements for PSPs across the EU.

What this means for you?

The aim of the minimum security requirements set by the guidelines is to protect consumers against payment fraud on the internet, which forms part of the on-going work of the EBA to harmonise regulatory and supervisory practices in payment services across Europe.

The FCA has stated that it “does not have the power without legislative change to make binding rules requiring all payment service providers (credit institutions, payment institutions and e-money institutions) to comply with the EBA Guidelines" but warns that “implementation of the guidelines will require some providers to make significant changes to their systems and controls”.

Click here to understand which countries comply or intend to comply with the guidelines.