Yes, we agree. In these last years the electronic payments and card not present transaction has been suffered by several fraud attempts. Strong authentication methods created in the meanwhile seems to have boosted consumer trust on this method of payment. So abandon this best practice could represent a brake on the development of these new services and to the development of these new PSD2 providers
Yes, we agree. These are common practices consolidated in the last years.
No, we are not aware of any other risks.
Knowledge: I’m think about the actual rules (minimum length, special characters, numbers, upper and lower case) should be the practices already in place in the “safe” environment
Possession: the access to the mobile phone should be assimilated as a valid way to satisfy the requirement of the ownership of something physical.
Yes, we agree. The exemption noted by article 98 should have to be let “more freedom” to the new service providers (AISP/PISP) to define a better customer experience.
No, we don’t because these are common practices and operating limit currently used in cardless transactions
Yes, we agree because these are common practices that they are assuring a good level of confidentiality and integrity of all data managed.
Yes, we agree but we suggest introducing an end to end cryptographic system to increase security and privacy
Yes, we agree.
The ISO 20022 is a free and open standard, so we don't see any constraint using it.
Yes, we agree about the choice done by the workshop participannts (option 1), but it should be defined before the PSD2 will come into the force. The proposed date could be October 2017 instead of October 2018 (refers to page. 22 points 74/77)
We suggest to increase this value to more than 2 times (i.e.: 12), this change it’s also related to the introduction of the SEPA Instant Credit Transfer and to give to the AIS the availability to offer a better service to the customers
[IT services provider "]"
Systems Integrator, Business consulting, Software development
Luca Pozzoli