PAS 499:2019
Code of practice for digital identification and strong customer authentication
Standard number: PAS 499:2019
Pages: 36
Released: 2019-07-31
ISBN: 978 0 580 94481 9
Status: Standard
The standard PAS 499:2019, Code of practice for digital identification and strong customer authentication, is classified in these ICS categories:
- 03.060 Finances. Banking. Monetary systems. Insurance
- 35.240.15 Identification cards and related devices
- 35.240.40 IT applications in banking
This PAS gives recommendations for, and is for use by, all organizations requiring identification and authentication for digital activities in the context of regulatory requirements for defined levels of identification assurance and strong customer authentication, as required in the Second Payment Services Directive (PSD2) and related regulations.
NOTE 1 The term customer is a specific instance of user.
This PAS covers the management operations relating to systems for identification and strong customer authentication for regulated industries, including:
- identity validation;
- identity verification;
- enrolment;
- authentication;
- delegated authority and authorization;
- security and usability; and
- risk models for authentication.
This PAS also applies to management processes for creating, accessing or managing accounts digitally; users making a payment via a mobile device or other computer; users making a contactless payment using an electronic device; a retailer receiving such payments; third-party roles; delegated authority; and a bank or payment service provider administering such transactions.
Supporting guidance is provided as informative annexes to the PAS: use cases to address common scenarios and strong customer authentication (see Annex A); and a summary description of additional good practice that can be used in developing a compliant secure system (see Annex B).
The PAS does not cover: contactless payments made using plastic cards; transactions in the context of the internet of things; digital currencies; specifics of payment devices or payment terminals.
NOTE 2 There is a difference in the way that the term “identification” is used in this PAS (establishing an association between a known identity and a person) and that employed in biometric standards (process of searching a biometric enrolment database to find and return the biometric reference identifier(s) attributable to a single person). When used in PAS 499, the latter meaning is referred to as “biometric identification”.