Payment Standards - Biometrics - Instant Payments - Trustech - SPA Workgroups Program - November 2018

 

 

 

 

 

Dear Colleagues,

 

In putting together this short update, I have been considering the role of payment standards bodies, and their continued (and rapidly growing) importance in addressing the significant challenges facing the future of the payment industry.

 

I have also been reflecting on SPA’s drive to communicate our vision of this rapidly changing industry through numerous events and conferences,  and wanted to highlight the tremendous work being carried out by our Work Groups members in helping to define and shape the discussion within our fast-evolving sector.

 

 

From on-card biometric authentication, through assuring the smooth flow of mobile P2B credit transfers, to addressing the wider issues of device, payment model and service provider proliferation, the need for appropriate levels of standardization is vital.
 
This is hardly a new requirement, of course. The history of the payments industry is one of standards-driven interconnectivity and interoperability. However, as we seek to keep up with, and maintain control over, today’s increasingly complex and interdependent ecosystem of technologies and providers, the need to develop appropriate and widely embraced standards (and regulations) has never been so great.

 

Biometrics has been high on our agenda. Building on activity in first half of the year, SPA continues to advocate strongly for standardization in biometric authentication for card payment systems. We are therefore confident that the next version of the SEPA for Cards Volume Book of Requirements will reflect this major technological innovation for personal authentication.

 

The evolution of retail payments is a good example of today’s pace of change. Here, the growth of non-traditional payment options, not least the drive to instant payments, asks important questions – not only around the security of new payment instruments, but also of interoperability and certification. For our part, SPA believes the creation of a standardization framework akin to the controls already in place in the card domain is crucial for the retail payment industry and the needs of end-users: both consumers and retailers.

 

This is why SPA invests so much time and expertise in helping to drive standardization efforts. In the past six months, for example, SPA has actively contributed to the European Payments Council (EPC) initiative on SEPA Mobile Instant Credit Transfer – most prominently in the Security Working Group where we are able to offer significant technical expertise.   

 

We have also worked within the European Cards Stakeholder’s Group (ECSG) to ensure the next release of the SEPA for Cards volume is available according to schedule, incorporates advanced biometric authentication, and aligns with the new regulatory frameworks (PSD2, RTS on SCA and General Data Protection Regulation (GDPR)) applicable for card payments. Similarly, we have carefully reviewed and responded to the relevant drafts of the second generation for payment cards and terminals released by EMVCo.

 

While some standards are being developed in this regard, it is important to go beyond issues of technical interoperability to ensure the right standard of personal data privacy and security in compliance with global data protection regulations. Thus, the GDPR very properly categorizes biometric data as ‘sensitive personal data’ and sets out specific controls for enrolment, storage and processing. In this respect, SPA believes that the payment card is the most convenient, secure and privacy-protective device to store, process and compare biometric data.

 

We have been, as always, active on the speaker circuit. We recently submitted a contribution to the European Banking Authority’s Annual Conference advocating for a greater focus on security technology to drive the integration of European payment infrastructures.

 

SPA shares the EBA’s opinion expressed in June of this year (EBA-Op-2018-04) on the implementation of the RTS on SCA with regards the nature of the authentication factors that can be used in a card payment context. Yet, we also believe that technology that has proved useful in tackling cards fraud should continue to play a significant role in this new context. An example is a payment card generating a dynamic authentication code by transaction.

 

 

At Payments International, SPA Technical Director, Lorenzo Gaston is speaking alongside Lloyds Bank Head of mCommerce, Monica Carlesso. Entitled “IoT Payments - What would a fully connected world look like?” this presentation addresses the impact of technology disruption on payment. As a partner of the event, SPA has secured a 20% discount available here.

 

At Trustech, SPA Retail Work Group Facilitator, François Lecomte-Vagniez will be chairing a conference track exploring the importance of mastering the payment process. Entitled “Invisible payment for high value services in the retail customer journey”, you can find  more details here. As a partner of the event, SPA has secured a discount rate using the code PARTT18 (400 € instead of 950 €) available here.

Finally, I would like to extend an invitation for payment ecosystem players to get involved with SPA’s expanded Work Group Program: Market Monitoring, Security Certification, Standardization and Retail Work Groups. Through these initiatives SPA is playing a key role in defining and driving the future of payment technology, and we welcome the opportunity to involve new organizations in our work.  
 
Our next update will come in the New Year. In the meantime, do not hesitate to get in touch if you would like more details of our work or would like to get involved.

 

Yours sincerely,

Julien Drouet

SPA President