- India Seeks Comment On Draft Framework For Alternative Authentication Methods
- ESMA Issues Opinion On Global Crypto Firms Using Non-EU Execution Venues
- One In Ten Canadians Hit By Payments Fraud In Past Six Months
- ESAs Release Final Report On ICT Subcontracting Standards Under DORA
- Visa Fined For Deploying Authentication Solution Without Approval In India
- Kazakhstan Launches Live Programmable CBDC Trial
India Seeks Comment On Draft Framework For Alternative Authentication Methods
The Reserve Bank of India (RBI) is seeking feedback on a new draft framework for alternative authentication methods for digital payments, such as biometrics and software tokens.
The framework applies to all payment system providers and payment system participants, as defined in the Payment and Settlement Systems (PSS) Act 2007.
It provides definitions for new types of authentication mechanisms that may be used in digital payments and establishes how these authentication interactions are to be conducted.
It also details payments that are exempted from additional factor of authentication (AFA) requirements, such as recurring payments and card-present transactions of up to INR5,000 ($60).
The RBI had already mandated AFA for certain digital payments, and although previous regulations did not mandate the use of SMS-based one-time passwords, this approach has been “primarily adopted” by digital payments operators.
ESMA Issues Opinion On Global Crypto Firms Using Non-EU Execution Venues
The European Securities and Markets Authority (ESMA) has published an opinion addressing the risks posed by global crypto firms operating under the Markets in Crypto-Assets (MiCA) regulation.
The opinion focuses on firms seeking authorisation for their crypto brokerage activities within the EU while maintaining significant intra-group execution venues outside the EU's regulatory scope.
ESMA highlights the potential dangers of such arrangements, noting that they could undermine consumer protection and create an uneven playing field compared with EU-authorised execution venues.
The regulator urges national competent authorities (NCAs) to scrutinise these business structures closely during the authorisation process, and emphasises the need to prevent firms from circumventing MiCA obligations.
The opinion recommends a case-by-case assessment of firms' compliance with key requirements, including best execution practices, managing conflicts of interest and upholding clients' interests.
It also stresses the importance of proper custody and administration of crypto-assets on behalf of clients.
One In Ten Canadians Hit By Payments Fraud In Past Six Months
A new report from Payments Canada based on a survey of 1,500 Canadians has found that 13 percent of respondents have experienced payment fraud in the past six months.
The most frequent types of payments fraud reported were unauthorised transactions (38 percent) and impersonator contact (34 percent).
Of those who experienced payment fraud, 59 percent lost funds.
Around one third of survey respondents said they now struggle to determine whether a payments-related communication is legitimate.
However, the percentage of Canadians who experienced payment fraud dropped one percent compared to the same period in 2022.
ESAs Release Final Report On ICT Subcontracting Standards Under DORA
The European Supervisory Authorities (EBA, EIOPA, and ESMA) have published a joint final report on the draft Regulatory Technical Standards (RTS) for subcontracting information and communication technology (ICT) services under the Digital Operational Resilience Act (DORA).
These standards aim to improve the digital operational resilience of the EU financial sector by enhancing ICT risk management in relation to subcontracting.
The RTS focus on ensuring that financial entities effectively assess and manage the risks associated with subcontracting ICT services, particularly those that support critical or important functions.
This includes specifying the requirements for the entire lifecycle of contracts with ICT third-party service providers — from the pre-contractual phase through to due diligence, ongoing management and monitoring.
The standards are designed to ensure that financial entities maintain control over their risks, even when relying on subcontractors, thereby reinforcing the overall stability and resilience of the EU financial sector.
Visa Fined For Deploying Authentication Solution Without Approval In India
The Reserve Bank of India (RBI) has imposed a penalty of INR24m ($286,000) on Visa Worldwide for deploying a payment authentication solution without regulatory clearance.
The RBI said it served Visa with a show cause notice asking why it should not be fined for non-compliance with the Payment and Settlement Systems (PASS) Act 2007.
Subsequent statements by Visa led to a “compounding” of the original penalty, the regulator said.
Two other payment system operators, Manappuram Finance and Ola Financial Services, also received small fines for violations of the PASS Act and know your customer (KYC) regulations.
Kazakhstan Launches Live Programmable CBDC Trial
The National Bank of Kazakhstan has begun testing a programmable central bank digital currency (CBDC) as part of a procurement process for the construction of a new railway.
This month, the central bank confirmed that the digital tenge will be used in the construction of the Dostyk–Moynty railway.
The funds will be marked using the digital tenge platform and will be released only when the recipients fulfil certain conditions.
“Marking technology reduces the risks of misuse of allocated funds, and also contributes to ensuring transparency and efficiency of public spending,” the regulator said.