What is this PAS 499 - Industrial communication networks - Fieldbus specifications about?
PAS 499 is for organizations with regulatory requirements under the Second Payment Services Directive (PSD2) and related regulations. It covers how organizations can implement robust customer authentication processes. In particular, it focuses on management principles and takes a regulatory view of identification and strong customer authentication, specifically in relation to PSD2.
PAS 499 also applies to management processes for creating, accessing or managing accounts digitally, users making a payment via a mobile device or other computer, users making a contactless payment using an electronic device, a retailer receiving such payments, third-party roles, delegated authority, and a bank or payment service provider administering such transactions.
NOTE: PAS 499 does not cover contactless payments made using plastic cards, transactions in the context of the internet of things, digital currencies, specifics of payment devices or payment terminals.
Who is this PAS 499 - Industrial communication networks - Fieldbus specifications for?
PAS 499 on code of practice for digital identification and strong customer authentication is useful for:
- Financial organizations (e.g., banking, online payment providers)
- Organizations needing to comply with Payment Services Directive (PSD2)
Why should you use PAS 499 - Industrial communication networks - Fieldbus specifications?
Robust digital identity and user authentication processes are essential for minimizing the risks of online transactions. PAS 499 provides you with recommendations to consider when implementing strong customer authentication in line with the Second Payments Services Directive (PSD2). It also provides recommendations and guidance on process design elements that optimize implementing a system to meet legal requirements.
PAS 499 provides you supporting guidance as informative annexes, including use cases to address common scenarios and strong customer authentication and a summary description of additional good practice that can be used in developing a compliant secure system.
PAS 499 also covers the management operations relating to systems for identification and strong customer authentication for regulated industries, including identity validation, identity verification, enrolment, authentication, delegated authority and authorization, security and usability and risk models for authentication.