Modern security requirements will also be applied to online payments, which is why the field of use of password cards will be limited. The bill will also seek to coordinate Estonian laws with the new European Union Payment Services Directive.
In the future, payment service providers must apply so-called strong authentication requirements when identifying a customer. In Estonia, for example, it means ID-card, mobile-ID, as well as different applications and password calculators. To reduce the security risks associated with payments, the use of existing password cards will be limited because they are easily copied. Limitations also apply to those online payments, where a combination of numbers printed on a bank card is used as the only security feature.
The security measures in question are expected to fully enter into force in the first half of 2019. The exact date depends on when the European Commission will approve the relevant implementing regulation.
“From February 1, Swedbank will no longer issue new password cards. Existing password cards can be used until February 1, 2019. A pan-European law change coming into force in the coming autumn will significantly limit the transactions made with the password card for security purposes, making the card inoperable in the future.”