PRICES include / exclude VAT
Sponsored link
immediate downloadReleased: 2019-07-31
PAS 499:2019 Code of practice for digital identification and strong customer authentication

PAS 499:2019

Code of practice for digital identification and strong customer authentication

Format
Availability
Price and currency
English Secure PDF
Immediate download
121.00 EUR
You can read the standard for 1 hour. More information in the category: E-reading
Reading the standard
for 1 hour
12.10 EUR
You can read the standard for 24 hours. More information in the category: E-reading
Reading the standard
for 24 hours
36.30 EUR
English Hardcopy
In stock
121.00 EUR
Standard number:PAS 499:2019
Pages:36
Released:2019-07-31
ISBN:978 0 580 94481 9
Status:Standard
DESCRIPTION

PAS 499:2019


This standard PAS 499:2019 Code of practice for digital identification and strong customer authentication is classified in these ICS categories:
  • 03.060 Finances. Banking. Monetary systems. Insurance
  • 35.240.15 Identification cards. Chip cards. Biometrics
  • 35.240.40 IT applications in banking

This PAS gives recommendations for, and is for use by, all organizations requiring identification and authentication for digital activities in the context of regulatory requirements for defined levels of identification assurance and strong customer authentication, as required in the Second Payment Services Directive (PSD2) and related regulations.

NOTE 1 The term customer is a specific instance of user.

This PAS covers the management operations relating to systems for identification and strong customer authentication for regulated industries, including:

  • identity validation;

  • identity verification;

  • enrolment;

  • authentication;

  • delegated authority and authorization;

  • security and usability; and

  • risk models for authentication.

This PAS also applies to management processes for creating, accessing or managing accounts digitally; users making a payment via a mobile device or other computer; users making a contactless payment using an electronic device; a retailer receiving such payments; third-party roles; delegated authority; and a bank or payment service provider administering such transactions.

It includes supporting guidance as informative annexes to the PAS including: use cases to address common scenarios and strong customer authentication (see Annex A); and a summary description of additional good practice that can be used in developing a compliant secure system (see Annex B).

The PAS does not cover: contactless payments made using plastic cards; transactions in the context of the internet of things; digital currencies; specifics of payment devices or payment terminals.

NOTE 2 There is a difference in the way that the term “identification” is used in this PAS (establishing an association between a known identity and a person) and that employed in biometric standards (process of searching a biometric enrolment database to find and return the biometric reference identifier(s) attributable to a single person). When used in PAS 499, the latter meaning is referred to as “biometric identification”.