BSI launches SCA code of practice

The British Standards Institution (BSI) has published a publicly available code of practice for digital identification and Strong Customer Authentication (SCA).

The new specification - PAS 499:2019 - is for organisations with regulatory requirements under the second Payment Services Directive (PSD2) and related regulations.

It focuses on management principles and takes a regulatory view of identification and strong customer authentication, including: identity validation; identity verification; enrolment; authentication; delegated authorisation; risk models; security and usability.

It also applies to management processes for creating, accessing or managing accounts digitally; users making a payment via a mobile device or other computer; users making a contactless payment using an electronic device; a retailer receiving such payments; third-party roles; delegated authority; and a bank or payment service provider administering such transactions.

It does not cover contactless payments made using plastic cards; transactions in the context of the internet of things; digital currencies; or the specifics of payment devices or payment terminals.

Tim McGarr, digital sector lead at the BSI, said: “At a time when cyber crime and fraud are on the rise, it is critical that organizations have robust digital identity and user authentication processes in place to minimize the risks of their online transactions.

“PAS 499:2019 provides the recommendations needed to optimise and implement a system that supports legal and regulatory requirements.”

The new code was developed by a steering committee and underwent peer and public review, as is normal practice for such a consensus document.
