FIN-FSA statement: Changes to the use of online banking code lists
According to a statement published by the Financial Supervisory Authority (FIN-FSA) today, printed online bank code lists may continue to be used in connection with payments or accessing a payment account on condition that other elements of strong customer authentication are also used in compliance with the principles of strong authentication.
The printed online banking code lists widely used by banks in Finland are easily copied, and therefore they do not, used in their present form, meet the security requirements of new European regulation. Regulation on the requirement for strong customer authentication is based on the Second Payment Services Directive (PSD2) and will enter fully into force on 14 September 2019.
When online banking code lists are used for strong customer authentication in connection with payments or accessing a payment account, elements should be added that ensure the implementation of two-factor authentication required by regulation.
Strong authentication refers to the electronic authentication of a payment service user which protects the confidentiality of security credentials and uses a procedure based on at least two of three mutually independent options. These options are:
- knowledge, i.e. something only the user knows,
- possession, i.e. something only the user possesses, and
- inherence, i.e. something only the user is.
‘Banks are required to implement changes to authentication methods so that the possibility of all customer groups to use the authentication tools without interruption is secured. Customers should be able to use the current online banking code lists in payments and accessing a payment account until the bank has adequately ensured the usability, accessibility and reliability of new methods,’ emphasises Anneli Tuominen, Director General of the FIN-FSA.
The FIN-FSA statement does not take a position on the continued use of online banking code lists in services other than payment and accessing a payment account, such as services of the authorities, for example.
Further information
Sanna Atrila, Legal Adviser. Requests for interviews are coordinated by FIN-FSA Communications, tel. +358 9 183 5030, weekdays 9.00–16.00.
See also
Statement ‘Online banking code lists as part of strong customer authentication’