The European Cards Stakeholders Group is a multi-stakeholder, market self-regulated approach to European card standardisation with market-driven implementation
A PLATFORM FOR A EUROPEAN DIALOGUE ON CARDS AND CARD BASED TRANSACTIONS
Latest News
January 14, 2020
Publication of SCS Volume version 9.0
On 15 January 2020, the European Cards Stakeholders Group (ECSG) published version 9.0 of the Single Euro Payments Area (SEPA) Cards Standardisation Volume. This document defines a standard set of requirements to enable an interoperable and scalable card and terminal infrastructure across SEPA, based on open international card standards.
In version 9.0 of the Volume, updates to the books were made to accommodate the following;
-
Conformance to new European regulations GDPR, PSD2 and EBA RTS on SCA and CSC
-
Integration of global standards for card payments including Host Card Emulation, remote payments using 3DS version 2.0 and a reference to FIDO
-
Contactless card acceptance at ATM
-
The production of a Tokenisation Annex
-
Updates as a result of public consultation comments.
Book 3 is currently under maintenance to integrate the new ISO ATICA Version 2 standard. A separate release cycle was therefore decided for this Book which will lead to a separate publication in September 2020.
July 25, 2019
Bulletin on RTS SCA Article 11 implementation
ECSG Volume working groups were assigned by the Board to perform an analysis on the issues related to the implementation of RTS SCA for proximity low value amount transactions. An inventory of market implementations was collected and four possible transaction flows were identified (decline; switch interface; re-present card and enter PIN; enter pin without a second tap). Based on this analysis, it was decided to update Req. T77 in Book 2 and to publish an informative Bulletin on ECSG website before RTS SCA coming into force.
Public consultation - SEPA Cards Standardisation Volume v8.5 and Tokenisation Considerations for SEPA Card Payments
The European Cards Stakeholders Group (ECSG), the industry association in charge of cards standardisation in the Single Euro Payments Area (SEPA), is today releasing version 8.5 of the SEPA Cards Standardisation Volume (the Volume) for a three-month public consultation. The Volume is considered a key document for the cards industry, with a goal of achieving cards standardisation, interoperability, and security in Europe.
Following the same timing and methodology as the Volume version 8.5 consultation, Tokenisation Considerations for SEPA Card Payments is also being published for consultation on the ECSG website. This document details the requirements or recommendations for the adoption and implementation of tokenisation in the SEPA region and includes references to global standards where available.
To ensure that the proposed documents truly reflect market needs, all stakeholders are invited to supply feedback on both consultations by 29 March 2019.
The three-month public consultation for the Volume is part of a regular planned cycle which ensures that the Volume is kept up-to-date with developments in card technology and regulation. An important update to the Acquirer-to-Issuer Card Messages (ATICA) Standard is not available in this cycle, so Book 3, on Data Elements, will undergo a separate consultation in 2019. However, subject to the timely availability of the ATICA Standard, the final version of Book 3 will be delivered as part of version 9.0 at the same time as all other Books in the Volume with no impact on the final publication deadline in December 2019 or January 2020. For the first time, the Volume Books – with the exception of Book 3 – will be published in versions with tracked changes. However, comments are also expected on the ‘clean’ published versions.
The main scope of the update for the Volume Books addresses regulatory and innovative aspects as well as performance updates as part of the standard Volume cycle. Below is a list of the main amendments applied to the Volume Books:
-
General updates relating to Compliance with European Regulations and Directives (the revised Payment Services Directive (PSD2), the Regulatory Technical Standards (RTS) on strong customer authentication (SCA) and secure open standards of communication (CSC) as well as the General Data Protection Regulation (GDPR)).
-
Additions and clarifications to the functional requirements listed in Book 2 based on analysis of PSD2 and RTS SCA/CSC as well as the introduction of Consumer Device Cardholder Verification Method (CDCVM) and biometrics. New references to more recent and updated publications have been added for Mobile Contactless Card Applications and Mobile Devices. Information concerning language selection for contactless application selection has also been added, in addition to clarifications for initiating contactless transactions at automated teller machines (ATMs).
-
New security updates to Book 4, including descriptive sections and new security requirements for compliance with PSD2 and the RTS SCA/CSC, and an updated overview with related requirements for mobile contactless payments, particularly for Host Card Emulation (HCE)-based payments.
-
SEPA Cards Transaction flow now includes a section on “typical configurations for accepting card data”, migrated from Book 4.
As mentioned earlier, the ECSG has performed a separate initiative for documenting Tokenisation Considerations for SEPA Card Payments. This document should be considered separate to the Volume Books although it is subject to the same consultation period. It addresses the topic of tokenisation from angles deemed of interest to ECSG members:
-
A holistic approach that covers different tokenisation models (issuer, acquirer, merchant).
-
A view on both payment and non-payment tokens.
-
Adoption of global standards and guidelines from EMVCo and PCI, among others.
-
Keep open to other existing payment token solutions such as ‘alternate PAN’ or ‘dynamic’ virtual numbers.
-
Considerations about the Token Service Provider (resulting in the adoption of a Business Principle).
-
Retailer needs following the introduction of tokenisation, and in particular, considerations around the EMVCo Payment Account Reference (PAR) data element.
-
Clarifying the flexibility needed around PAR generation and:
-
exploring the links between co-badging and tokenisation,
-
European regulatory considerations, especially GDPR.
-