Compelo Banking - Latest industry news and analysis is using cookies

We use them to give you the best experience. If you continue using our website, we'll assume that you are happy to receive all cookies on this website.

ContinueLearn More

EBA calls for non-reusable passwords to make online shopping safer in EU

The European Banking Authority (EBA) has instructed banks to provide customers with options to create one-time passwords starting from August.


The new guidelines prompted by a spike in online fraud will require banks to provide customers with non-reusable passwords that are required to be keyed in for transacting online. This is to make online shopping safer for customers.

These passwords can include a number generated by devices supplied by the bank or a password sent to the customer through text message. Customers can also confirm a transaction by their fingerprint in case of biometric security systems.

EBA said in a statement: "The legislative framework for retail payments in the European Union (EU) has seen important developments in recent months, such as the advancements in the negotiations for the revised Payments Services Directive (PSD2) and the finalisation of the EU Regulation on Interchange Fees (IFR).

"The European Commission, Council and Parliament are currently in the final negotiation stages of the PSD2 and once the Directive is agreed upon, the EBA will approach the industry and other interested parties to gather their input at an early stage of the regulatory development process."

The PSD2 mandates will require the enhancement of operational and security requirements for payment services. The authority will develop this in partnership with the European Central Bank (ECB) through the Forum for the Security of Retail Payments (SecuRe Pay).

All the 28 member states will need to apply the non-binding guidelines that were finalized last December.

Out of the 28 countries, Britain, Estonia and Slovakia will not implement the new rule, citing lack of legal powers to make banks and payment companies comply, reported Reuters.

The publication further adds that the EBA guidelines are a temporary arrangement till more concrete and binding rules are drafted to strengthen security across all types of digital payments by early 2019.

Image: A rise in online fraud has promted the European Banking Authority to initiate the move. Photo: courtesy of Stuart Miles.