Consumers and service providers should take note of some of the enhanced risks upon an e-money institution’s insolvency.

By Hongbei Li

Technology is rapidly changing the way customers and businesses interact with financial systems. Fintech companies are a driving force behind the disruption of traditional banking and payment services, with regulatory innovation close behind.

In the 12 months to June 2021, electronic money institutions (EMIs) in the UK processed more than £500 billion of transactions, according to Financial Conduct Authority (FCA) data. In 2019, UK EMIs held £10 billion in customer funds, the UK government estimates. By 2025, more than seven in 10 smartphone owners will be mobile P2P payment users. As a major remittance source country, the UK has seen a 30% growth in its digital remittance market in 2021. According to Statista, this market is predicted to grow to more than $4.6 billion by 2025. These trends are fuelling the UK’s ambition to become a world leader in payments innovation.

European Commission confirms SCA measures should apply to EU consumers purchasing from UK websites in the event of a no-deal Brexit.

By Christian F. McDermott, Jagveen S. Tyndall, and Amy Smyth

Complex payment processing chains comprise multiple entities operating behind the scenes to support everyday transactions.

The strong customer authentication (SCA) requirements introduced by the revised EU Payment Services Directive (PSD2) aim to reduce fraud and make online payments more secure (as described in previous posts of June and August 2019). SCA requires that a customer provide two forms of identification that meet the following criteria:

By Christian McDermott, Calum Docherty, Stuart Davis and Anne Mainwaring

The European Banking Authority (EBA) has published its consultation document on security measures for operational and security risks under the revised Payment Services Directive (PSD2).

Technology - dreamstime_xxl_19374657The WannaCry ransomware attack that swept across the globe last week revealed the destructive and indiscriminate nature of cyber threats. It attacked hospitals, telecoms networks and universities, seizing hold of important data and leaving users and systems administrators temporarily powerless. These are precisely the risks that the payments industry wants to avoid as it braces for the revised PSD2, which will come into force across the EU from 13 January 2018. As such, the EBA has published a consultation paper on security measures for operational and security risks under PSD2, setting out proposed requirements for payment services providers (PSPs) to mitigate the concomitant payment processing risks.

The consultation paper is one of the EBA’s three security mandates in PSD2, complementing the Regulatory Technical Standards on Strong Customer Authentication and Common and Secure Communication (submitted to the European Commission for adoption 23 February 2017), and the Guidelines on Major Incidents Reporting (which recently finished its consultation).