The deadline for initial notification has been significantly extended from 2 to 4 hours following identification of the incident. Due to reorganization of the three notification types, it is no longer necessary to provide as much information in the initial and interim notifications. This is due to the newly introduced “completion” of the notification forms, meaning that only the final report needs to contain all information pertaining to the incident. The criteria previously referred to as “Level 1” and “Level 2” proved insufficiently self-explanatory and have been replaced by the terms “Lower Impact Level” and “Higher Impact Level.” For the Higher Impact Level criterion, the number of transactions concerned has been increased from one million to five million euros.


On 16 March 2017, BaFin – Germany’s financial regulator – held its fourth information meeting on the supervision of IT for banks with roughly 500 attendees. The press and media coverage (FAZ, Handelsblatt, Börsenzeitung) placed emphasis on the vulnerability of bank IT systems to attacks and the need for them to improve their IT security, whereas BaFin and the Bundesbank announced important details regarding future supervision and monitoring of bank IT, with keynote presentations on BAIT (supervisory requirements for bank IT), monitoring of IT matters in practice by banking regulators, and the implementation of the IT Security Act by means of the Federal Office for Information Security Act (BSI) and the Payment Service Directive (PSD) II.


In August 2016, the EBA published the draft RTS for consultation, and spelled out the details in a public hearing on 23 September 2016, especially regarding the points on “Use of strong customer authentication for account access (one-month discussion)” and “Using a risk-based approach as a replacement for the second factor”. On 23 February 2017, after taking account of 224 comments received back from the market, the EBA published the final version of the RTS.


According to Article 96 of Payment Service Directive (PSD) II, payment service providers have until 13th January 2018 to implement a reporting system for major operational and security incidents relating to cash-free transactions. The EBA proposes a classification scheme with four quantitative criteria and three qualitative ones to decide whether an incident needs to be reported.


The continued advance of digital technology has seen the automobile grow as a product from simply being a machine intended to move people from place to place, into a networked vehicle for services associated with mobility. Where the “car”, as a product, used to be the determining factor in value creation, it is now not enough on its own to ensure optimized value creation. The term “connected car” is now a synonym for modern automotive mobility, implying communication between the conveyance and its environment, as well as from vehicle to vehicle. As a result, there are now interfaces with related services such as billing, optimization or linked mobility options. Ongoing competition between providers as automated driving approaches means there is ever greater relevance for comprehensive vehicle networking, because greater availability of data has the potential to have a positive effect on functionality and rule compliance of automated systems.
