To implement the security requirements, choosing of a uniform customer identification method is expected. Under the currently effective resolution of the Board of the Bank of Lithuania, the requirements must be implemented by 1 November, 2015, and therefore proposals on a uniform solution will be awaited until this date, Lithuania's central bank said.
"Payment service providers have asked for more time to consider what advanced customer identification alternatives might be offered when customers login to internet banking. We will wait for an ultimate proposal from them; however, if no uniform solution that would be acceptable for customers is found, market participants cannot expect a long delay of the deadline for the implementation of the requirements," said member of the Board of the Bank of Lithuania Marius Jurgilas.
A uniform and advanced customer identification method, meeting the security requirements, would be more convenient for customers, would increase competition, and ensure greater sustainability in the development of e-services. It would be particularly useful and convenient if a user with one secure means could have access to all financial and government institutions.
According to Jurgilas, if market participants fail to agree and no uniform solution is put forward, already this year each payment service provider will have to prepare for the implementation of individual solutions that would ensure secure customer identification.
"Internet fraudsters are not dozing off and constantly encroach on confidential data as well as attempt to unlawfully take over people's accounts. Therefore, it must be in the interest of payment service providers themselves to introduce a more advanced identification system," said Jurgilas.
The solutions and security requirements put forward will be checked for compliance by the Bank of Lithuania in a high-principled manner. The customer verification procedure will have to be based on two elements or more. These are divided into the knowledge (e.g., permanent password, code, personal identification No), possession (e.g., mobile phone, token, smart card) and inherence (e.g., biometric data such as fingerprints) categories and are independent, as the breach of one of them does not compromise the reliability of the others.
In implementing the requirements, payment service providers will have to strengthen the other links of the payments process: the overall risk management process of an institution, security of sensitive payment data, systemic analysis of security incidents, traceability of operations, fraud identification and prevention, consumer information and raising their awareness. The requirements approved by the Bank of Lithuania are in line with the Guidelines on the Security of Internet Payments, released by the European Banking Authority in December 2014.
In Lithuania, about 116 million credit transfers were performed over 2014, an 8% increase from 2013. The rate of increase in the number of internet card payments has been even faster (31% by number of transactions), with 4.5 million transactions performed over 2014.
