get('text_top_button', JText::_('DEFAULT_GOTO_TOP_TEXT'))*/?>
get('text_bottom_button', JText::_('DEFAULT_GOTO_BOTTOM'))*/?>

Payment Card Sustainability - Trustech - EPSG - EU Regulations - DORA - CRA - eIDAS - Smart Payment Association Newsletter - November 2023

Dear Colleagues,


Thanks for tuning in once again to discover the latest news and insights from SPA. With the world of payments changing faster than ever, in this newsletter we review progress on some of the workstreams currently underway at SPA and discover what’s on the horizon for the coming months.


Payment Card Sustainability


Earlier this year, SPA conducted pioneering research, in collaboration with the analyst Frost & Sullivan, to discover how European banks are rising to the challenge of managing end-of-life payment cards in a more sustainable way.

In July, SPA published its 2023 Payment Card Collection and Recycling Report. This ground-breaking study is the first of its kind to feature contributions from payment card professionals in European banks. It provides a detailed snapshot of how issuers are implementing their sustainability programs and their progress to date.


SPA will be presenting key findings from the report at TRUSTECH 2023 in Paris, on 28th November at 16.00 CET on the Payments & Innovation conference track.




SPA hopes that learnings from this report will enable issuers to refine and optimize their card collection and recycling strategies to accelerate end-to-end sustainability across the payment card lifecycle.


European Payments Stakeholders Group (EPSG)


Throughout the summer, SPA continued to play a key leading role across a number of EPSG workstreams.

As part of the EPSG future-looking focus group, SPA lead efforts to integrate Elliptic Curve Cryptography (ECC) into the next Volume Book of Requirements. We are delighted to confirm that a roadmap for the publication of the specifications contributed by SPA has now been approved.

The EPSG is exploring ways to align e-IDAS 2.0 functionalities with existing mobile wallets in the market. SPA is playing a key supporting role – contributing to discussions on how to apply e-IDAS to a range of retail payments and instant payment use cases.

SPA has also been active in drafting the Program of Work for Instant Payments, as a key contributor to the EPSG Transition Task Force (TTF). The TTF will deliver its recommendations to the EPSG Board in November 2023, and SPA has been actively defending – and highlighting the value of – NFC instant payments.

Finally, following the enactment of the EU’s Digital Operational Resilience Act (DORA), SPA is leading the EPSG effort to assess the impact of this regulation for the EU Payments Industry. DORA has been complemented by four additional Regulatory Technical Standards (RTS). Drafted in July 2023, the proposals are now out for public consultation. Eight additional RTS have also been announced, with draft proposals expected to be published for consultation by the end of this year.

SPA will conduct a detailed analysis of these new legal documents and help the EPSG evaluate whether these additional requirements for compliance with DORA provisions will be included in the next release of the EPSG Volume Book of Requirements.


New EU Regulations target more resilient European Payment systems

DORA and the Cyber Resilience Act (CRA) have been designed with the intent of strengthening operational resilience across the finance sector. The strategic objectives being to impose specific ICT security controls and risk management practices on a much wider number of participants in the financial market.

DORA provides a harmonized framework across the EU financial sector and critical third-party service providers. This landmark legislation may also open the door to enhancing the security of data exchanged between banks and their subcontractors by creating a level playing field through standardization.

With respect the CRA, European Lawmakers have confirmed that a specific Regulatory Technical Standard (RTS) will establish set out security requirements for secure elements in mobile devices, smart cards and hardware security modules.

SPA is awaiting further details to better understand how this RTS will relate to specific payment system components. At present, SPA believes current processes for the development, production, testing and certification of payment system components are proving sufficient to tackle fraud.


Looking ahead


Our next newsletter will be published in January 2024. In the meantime, please do not hesitate to get in touch if you would like more details of our work or would like to get involved with SPA.


Yours sincerely,
Alain Martin, President SPA