The European Banking Authority (EBA) has launched a public consultation that proposes revising the Guidelines on major incident reporting under the Payment Service Directive (PSD2).
The existing Guidelines on major incident reporting set out the criteria, thresholds, and methodology to be used by PSPs to determine whether or not an operational or security incident should be considered major and how said incident should be notified to the CA in the home Member State.
The consultation paper proposes the introduction of a new incident classification criterion such as ‘breach of security measures’. These capture security incidents where the breach of the security measures of the PSP has an impact on the availability, integrity, confidentiality and/or authenticity of the payment services related data, processes and/or systems.
The consultation paper also introduces changes to the thresholds for the calculation of the criteria ‘transactions affected’ and ‘payment service users affected’.
In addition, to improve the quality of the reports collected, the EBA suggests the use of a standardised file for reporting major incident reports, streamlining the reporting template, and adding further granularity to the reported causes of incidents and aligning those to other incident reporting frameworks in the EU.
Finally, the EBA proposes to remove the regular updates on the intermediate report and to extend the deadline for submission of the final report.
The consultation runs until 14 December 2020.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now