On 18 March 2014, the European Central Bank published a public note on security of payment account access services in which it outlined the main outcome of a November 2013 consultation, carried out by the European Forum on the Security of Retail Payments (Forum), on recommendations for the security of mobile payments. Generally, respondents have welcomed the Forum's recommendations - in particular that third-party providers (TPPs) should be licensed, supervised and ensure that customers are appropriately authenticated.

The Forum notes that PSD2, which was published after the consultation was launched, includes a mandate for the European Banking Authority (EBA) to develop guidelines on security measures. The Forum has decided not to publish the final text of the recommendations as it was concerned that this could create confusion in the market. The Forum will instead transmit its final text to the EBA.

What this means for you

The Forum expects that, in practice, the EBA will draw heavily on the Forum’s own work. The core elements of this work are reflected in the public note.