Banking & Fintech /

Cybersecurity of payment services – letter of KNF Chairman

On February 15th, 2021, the Chairman of the Polish Financial Supervision Authority (KNF), in a letter addressed to payment service providers, including banks, credit unions, and domestic payment institutions, indicated typical cybersecurity gaps in electronic access channels to payment services. The letter also contains specific supervisory guidelines for addressing these gaps.

Main topics covered by the letter:

  1. possibility to exclude strong customer authentication (SCA) for low-value transactions [art. 16 Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication] shall always be optional, whereas the customer’s consent for disabling SCA shall always be explicit and informed,
  2. including active hyperlinks in e-mail or text messages (SMS) shall be no longer used and replaced with providing information through mobile apps and e-banking platforms (web services),
  3. attachments to e-mail messages shall be secured with secure passwords, whereas the passwords shall not be created using the personal data of clients and should be provided to the customer in a separate communication channel.

Even though the KNF Chairman’s guidelines are not binding and are not an official interpretation of the law, they will surely be respected by KNF and required from market participants.

Author team leader DKP Legal Piotr Putyra
Contact our expert
Write an inquiry: [email protected]
check full info of team member: Piotr Putyra

Contact us

Młyńska 16
61-730 Poznań
+48 61 853 56 48[email protected]
Rondo ONZ 1
00-124 Warsaw
+48 22 300 16 74[email protected]
Swobodna 1
50-088 Wrocław
+48 61 853 56 48[email protected]
Opolska 110
31-355 Kraków
+48 61 853 56 48[email protected]
Jana Sobieskiego 2/3
65-071 Zielona Góra
+48 61 853 56 48[email protected]