LONDON: Banks should provide customers with the means to create one-off passwords from August to make buying over the Internet safer, European Union banking regulators said on Thursday.

The European Banking Authority announced details of its plans over the coming years to make e-commerce safer, breaking new ground for the watchdog in the retail payments sector.

It called on supervisors in all the bloc’s 28 countries to apply the non-binding guidelines it finalised last December and which take effect in August. They require banks to provide consumers with the means to key in a non-reusable password to authenticate an online purchase more securely.

Non-reusable passwords can include a number generated by devices supplied by the bank, or a password sent by text message to the customer’s phone. Some security systems are biometric, allowing a customer to confirm a transaction with a fingerprint. “It’s more burdensome but we are not doing this to annoy people,” Geoffroy Goffinet, EBA’s senior retail banking expert, said. “There is a major issue regarding consumer protection on the Internet.”

The EBA guidelines are a stop-gap until the EU watchdog draws up more comprehensive, binding rules by early 2019 to strengthen security across all types of digital payments, such as using a mobile phone.

The rise in online fraud prompted the guidelines to avoid a gap until the mandatory rules come into effect, Goffinet said.

The watchdog has already asked all 28 national regulators in the EU if they plan to enforce the interim guidelines from August and only three, Britain, Estonia and Slovakia, said they won’t be doing so.

Published in Dawn, May 22nd, 2015

On a mobile phone? Get the Dawn Mobile App: Apple Store | Google Play