Content Options:

Content Options

View Options:


You are viewing the version of the document as on 2021-01-01.

Chapter 5 Common and secure open standards of communication

Section 1 General requirements for communication

Article 28 Requirements for identification

  1. (1)

    Payment service providers shall ensure secure identification when communicating between the payer’s device and the payee’s acceptance devices for electronic payments, including but not limited to payment terminals.

  2. (2)

    Payment service providers shall ensure that the risks of misdirection of communication to unauthorised parties in mobile applications and other payment services users’ interfaces offering electronic payment services are effectively mitigated.

Chapter 5 Common and secure open standards of communication

Section 1 General requirements for communication

Article 28 Requirements for identification

  1. (1)

    Payment service providers shall ensure secure identification when communicating between the payer’s device and the payee’s acceptance devices for electronic payments, including but not limited to payment terminals.

  2. (2)

    Payment service providers shall ensure that the risks of misdirection of communication to unauthorised parties in mobile applications and other payment services users’ interfaces offering electronic payment services are effectively mitigated.

Article 29 Traceability

  1. (1)

    Payment service providers shall have processes in place which ensure that all payment transactions and other interactions with the payment services user, with other payment service providers and with other entities, including merchants, in the context of the provision of the payment service are traceable, ensuring knowledge ex-post of all events relevant to the electronic transaction in all the various stages.

  2. (2)

    For the purpose of paragraph 1, payment service providers shall ensure that any communication session established with the payment services user, other payment service providers and other entities, including merchants, relies on each of the following:

    1. (a)

      a unique identifier of the session;

    2. (b)

      security mechanisms for the detailed logging of the transaction, including transaction number, timestamps and all relevant transaction data;

    3. (c)

      timestamps which shall be based on a unified time-reference system and which shall be synchronised according to an official time signal.