• There are no items in your cart
We noticed you’re not on the correct regional site. Switch to our AMERICAS site for the best experience.
Dismiss alert

PAS 499:2019

Current
Current

The latest, up-to-date edition.

Code of practice for digital identification and strong customer authentication
Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

31-07-2019

This PAS gives recommendations for, and is for use by, all organizations requiring identification and authentication for digital activities in the context of regulatory requirements for defined levels of identification assurance and strong customer authentication, as required in the Second Payment Services Directive (PSD2) and related regulations.

This PAS gives recommendations for, and is for use by, all organizations requiring identification and authentication for digital activities in the context of regulatory requirements for defined levels of identification assurance and strong customer authentication, as required in the Second Payment Services Directive (PSD2) and related regulations.

NOTE1 The term customer is a specific instance of user.

This PAS covers the management operations relating to systems for identification and strong customer authentication for regulated industries, including:

  • identity validation;

  • identity verification;

  • enrolment;

  • authentication;

  • delegated authority and authorization;

  • security and usability; and

  • risk models for authentication.

This PAS also applies to management processes for creating, accessing or managing accounts digitally; users making a payment via a mobile device or other computer; users making a contactless payment using an electronic device; a retailer receiving such payments; third-party roles; delegated authority; and a bank or payment service provider administering such transactions.

It includes supporting guidance as informative annexes to the PAS including: use cases to address common scenarios and strong customer authentication (see AnnexA); and a summary description of additional good practice that can be used in developing a compliant secure system (see AnnexB).

The PAS does not cover: contactless payments made using plastic cards; transactions in the context of the internet of things; digital currencies; specifics of payment devices or payment terminals.

NOTE2 There is a difference in the way that the term “identification” is used in this PAS (establishing an association between a known identity and a person) and that employed in biometric standards (process of searching a biometric enrolment database to find and return the biometric reference identifier(s) attributable to a single person). When used in PAS499, the latter meaning is referred to as “biometric identification”.

Committee
ZZ/3
DocumentType
Standard
ISBN
9780580944819
Pages
36
ProductNote
THIS STANDARD IS ALSO REFERS TO :PD ISO/IEC TR 29196, PD ISO/IEC TR 29196:2018,
PublisherName
British Standards Institution
Status
Current

View more information
£88.00
Excluding VAT

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.