On October 14th, 2020 the European Banking Authority has opened the consultation paper on the draft revised Guidelines on major incident reporting under PSD2. The goal is to simplify the reporting for payment services providers, as well as make the reports more meaningful. The consultation is open until 14 December 2020.
EBA proposes the introduction of:
- new incident classification criterion ‘breach of security measures’ to capture security incidents where the breach of the security measures of the payment services provider has an impact on the availability, integrity, confidentiality, or authenticity of the payment services related data, processes or systems;
- changes to the thresholds for the calculation of the criteria ‘transactions affected’ and ‘payment service users affected’;
- standardized file for reporting major incident reports; as well as
- removing the regular updates on the intermediate report and extending the deadline for submission of the final report.
Each payment services provider is allowed to submit its comments and suggestions through EBA channel: