Strong customer authentication – phishing increase predicted by KNF
The Commission Delegated Regulation (EU) 2018/389 of November 27, 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council of November 25, 2015 on payment services in the domestic market will enter into force on September 14, 2019 (…) in relation to regulatory technical standards for strong customer authentication and common and secure open communication standards. The Regulation implements the PSD2 Directive in the field of so-called strong authentication. According to the Polish Financial Supervision Authority (KNF), the changes are an opportunity for criminals who, using the new regulations, will intensify phishing attacks aimed at extortion of sensitive data from payment service clients.
The KNF calls for extreme caution and suspicion. Justified suspicions should arise in particular:
- during all communications, including e-mails, SMS or telephone contact attempts referring to changes in regulations in which the customer is asked to provide sensitive data (e-banking login details, authorization codes, PIN codes, personal data) )
- during all messages, including e-mails, SMS or telephone contact attempts informing about the account being blocked, in which the customer is asked to: (i) click on the internet link, (ii) change the password or login details using the sent Internet link, (iii) opening an attachment, (iv) launching / installing a specific program including a mobile application, (v) making a specific payment or online transfer.
The changes that will come into force on September 14, 2019 are described in more detail in one of the previous entries.
We invite you to contact our Law Firm, which offers services such as:
- representation in front of KNF,
legal design of the systems of strong customer authentication used by payment services providers