News

Payment Card Sustainability - PSD2 Evolution - Instant Payments - EMVCo: Contactless Kernel Specification - Post Quantum Computing Threats - SPA Newsletter November 2022

 

Dear Colleagues,

 

Against a backdrop of significant disruptions, SPA and its members have continued with activities designed to address emerging risks as well as potential opportunities across the payments landscape.

 

SPA members have maintained efforts to ensure the availability of payment cards, on which millions of consumers and businesses around the world depend. You can find more information on our mitigation strategies here.

 

In this newsletter, we provide a summary of the key SPA activities undertaken in recent months, together with an update on our publications and upcoming events.

 

Putting Sustainability at the heart of payments

 

We’re delighted to report our first position paper on sustainable payment cards, published in January, has been well received and is prompting industry-wide discussions on what constitutes best practice when it comes to initiating a sustainable card issuance strategy.

 

Providing a detailed evaluation of today’s eco-innovative card materials and production techniques, together with a review of the wider supply chain logistics that card issuers need to consider, the Eco Friendly Payment Cards: Putting Sustainability at the Heart of Payment is the first in a series of pioneering activities undertaken by SPA and its members to accelerate end-to-end sustainability across the entire payment card lifecycle – from issuance to end-of-life/recycling.

 

The SPA Card Recycling Working Group is currently preparing a survey designed to gather perspectives and insights from card Issuers.

 

SPA notes a strong impetus and motivation across the industry to step up activities that will help minimize climate-change impact.

 

Farouk Musthafa, SPA Representative, will be presenting on the topic of payment card sustainability at APSCA Next Generation Cards on 17th November 2022 in Singapore.

 

SPA and the PSD2 evolution update

 

SPA considers it important that standards for payment instruments are implemented in a way that assures consumers and retailers have real choice in which payment instrument they use.

 

As regards the evolution of PSD2, SPA believes that:

• There is no obvious need for additional regulation. Of utmost importance, however, is ensuring the effective application of PSD2 and GDPR across the EU, together with enhanced personal authentication.

• Strong Customer Authentication (SCA) methods should be harmonized by promoting the use of embedded biometrics on payment cards and secure elements.

• A delegated act, such as Third Party Provider (TPP) access to an account, should specify the conditions for ‘explicit consent’ to be granted by a customer using electronic signature.


SPA considers that the impact of regulation without standardization is reduced, and that standardization must be open to technology vendors.

 

Lorenzo Gaston, Technical Director of the SPA, will participate in a round table at Trustech on the evolution of the PSD2 on Tuesday 29th November 2022 at 11.10.

 

Instant Payments

 

On 26th October 2022, the Commission adopted a legislative proposal to make instant payments in euro available to all citizens and businesses holding a bank account in the EU and in EEA countries. The proposal aims to ensure that instant payments in euro are affordable, secure, and processed without hindrance across the EU.

 

Back in April 2020, SPA announced an 'Instant Payment Card' proposition, which is in line with the EC’s legislative proposal for mandatory support of instant payments. Read more here or watch the video on how an Instant Payment Card would extend SEPA Instant Credit Transfer functionality to consumers paying at point of sale (POS) terminals in stores and retail outlets across Europe.

 

Alain Martin, Board Member of the SPA, will participate in a round table on payments integration and cyber-resilience at Trustech on Tuesday 29th November 2022 at 14.30 and will present the SPA Instant Payment Card proposal.

 

EMVCo: Contactless Kernel Specification

 

In October 2022, EMVCo published a new Contactless Kernel Specification named C8.

 

SPA submitted its comments and observations to EMVCo, highlighting why card vendors will require additional detail on the card-related specifications to assure truly comprehensive communications with the terminal kernel.

 

SPA welcomes the decision to create and launch a new EMVCo Contactless Kernel Specification and believes that the move will positively contribute to the increased and seamless acceptance of contactless cards around the globe.

 

SPA believes that migration to the new EMVCo Contactless Kernel Specification will help pave the way for the adoption of new cryptography technologies and additional functionality that will further strengthen the card payment proposition – and positively enhance security for consumers, merchants and issuers.

 

Specifically, SPA notes that the new EMVCo specification features an important chapter on Elliptic Curve Cryptography for contactless payments. This welcome addition represents a significant improvement in requirements when it comes to enhancing the secure communication between cards and terminals without penalising transaction times.

 

Post Quantum Computing Threats: The Time is Now for Stronger Cryptography

 

SPA has recently issued a position paper evaluating the threat quantum computing poses to card payment systems, together with a recommendation that it is time to pre-empt and proactively counter threats on the horizon by deploying stronger cryptographic approaches such as Elliptic Curve (ECC).

 

In its Security of Card Payment Systems in a Post Quantum World paper, SPA discusses how quantum computing will evolve, why banks and payment institutions need to respond accordingly, and provides some timeline predictions together with guidance on the migration path from RSA to ECC and PQC for offline payments use.

 

With cryptanalysis techniques evolving at pace, SPA highlights why the industry needs to accelerate its migration to ECC cryptography for both contact and contactless cards to mitigate risk exposure. This move, SPA believes, will be key to countering emerging cryptanalysis methods for the next decade.

 

Looking Ahead – Upcoming Events

 

SPA will be attending a number of key events this month:

APSCA Next Generation Cards on 16th and 17th November 2022 in Singapore

Trustech on 29th November – 1st December 2022 in Paris

 

Finally, I would like to extend an invitation for payment ecosystem players to get involved with SPA’s expanded Work Group Program: Market Monitoring, Security Certification, Standardization, Card Recycling and Alternative Payments Working Groups. Through these initiatives SPA is playing a key role in defining and driving the future of payment technology, and we welcome the opportunity to involve new organizations in our work. More here



Our next update will come in the New Year. In the meantime, do not hesitate to get in touch if you would like more details of our work or would like to get involved.

 

Yours sincerely,

Andreas Strobel, President - SPA