Online and mobile payments: Supervisory challenges to mitigate security risks

September 2016


Acknowledgements

FinCoNet would like to acknowledge the efforts of Standing Committee 3 in developing and getting this project to finalisation. Standing Committee 3 consists of representatives from Brazil, Canada, China, Japan, Portugal, South Africa and the United Kingdom and had the assistance of staff from the OECD Secretariat. In particular, we would like to thank Maria Lúcia Leitão as Chair of the Standing Committee as well as Teresa Frick, Steve Trites, Takuo Komori, Kensuke Horii, Kazuhito Yoshida, Ikumi Kato, Tiandu Wang, Xiaoxiao Li, Shaoshua Zhang, Stanislaw Zmitrowicz, Andréia Lais de Melo Silva Vargas, Caroline da Silva, Claire Lawrie, Marta Alves, Patrícia Guerra, Carla Ferreira, Inês Póvoa, and Teresa Cutelo, for their work in writing and producing the survey and report.

About FinCoNet

The International Financial Consumer Protection Organisation (FinCoNet) was established in 2003 as an informal network of financial consumer protection regulators and supervisors to discuss consumer protection issues of common interest. It is recognised by the Financial Stability Board (FSB) and Group of 20 (G20). In November 2013, FinCoNet was formalised as a new international organisation of financial consumer protection supervisory authorities. The goal of FinCoNet is to promote sound market conduct and enhance financial consumer protection through efficient and effective financial market conduct supervision, with a focus on banking and credit. FinCoNet members see the Organisation as a valuable forum for sharing information on supervisory tools and best practices for consumer protection regulators in financial services. By sharing best practices and by promoting fair and transparent market practices, FinCoNet aims to strengthen consumer confidence and reduce systemic consumer risk.


Contents

Executive Summary
Online and mobile payments
Purpose and overview of the report
Overview of the survey
Next steps proposal
Supervisory approach to mitigate security risks
Background
Payments in the digital age
Digital payments in the international agenda
Online and mobile payment services
Key points from the survey responses
Overview
Categorisation of payment services
Online payments
Mobile payments
Barriers to the use of innovative payment services
Payment providers
Key points from the survey responses
Overview
Financial vs. non-financial providers
Security risks
Key points from the survey responses
Overview
Main security incidents
Causal drivers of security risk
Risk mitigation initiatives
Regulatory framework
Key points from the survey responses
Overview
National framework
International guidance
Self-regulation initiatives
Supervisory framework
Key points from the survey responses
Overview
The scope of supervision
A collaborative supervisory approach
Supervisory tools
Enforcement powers
Financial education initiatives
Conclusions
Glossary
References


Table of acronyms

App          Application
BIS          Bank for International Settlement
CNP          Card Not Present
CPMI         Committee on Payments and Market Infrastructures
CPSS         Committee on Payment and Settlement Systems
CI           Consumers International
EBA          European Banking Authority
EBPP         Electronic Bill Presentment and Payment
EC           European Commission
ECB          European Central Bank
EMV          Europay, MasterCard, and Visa (standard)
EP           European Parliament
EPC          European Payments Council
EU           European Union
FinCoNet     International Financial Consumer Protection Organisation
FSB          Financial Stability Board
GPFI         Global Partnership for Financial Inclusion
INFE         (OECD) International Network on Financial Education
MNO          Mobile Network Operator
NFC          Near Field Communication
OECD         Organisation for Economic Cooperation and Development
OTP          One-Time Password
PCI DSS      Payment Card Industry Data Security Standard
PSD          (EU) Payment Services Directive
PSP          Payment Service Provider
QR-Code      Quick Response Code
RFID         Radio Frequency Identification
SecuRe Pay   European Forum on the Security of Retail Payments
SEPA         Single Euro Payments Area
SMS          Short Message Service
USSD         Unstructured Supplementary Service Data
