Abstract

The increase of the total volume and technological development of electronic payments is accompanied by the increase of the number of offences committed using stolen access data or stolen payment instruments. Banks and other providers of payment services make attempts to offer more efficient security data protection methods. They include so-called strong customer authentication. The obligation to use this security method is provided at present on the basis of a number of soft law acts – above all the Recommendation of the Polish Financial Supervisory Authority concerning safety of payment transactions concluded online. Despite the fact that these laws are at present officially not binding (especially in the civil law area), their contents affect how the civil concept of the duty of care is construed. The author describes the mechanism of strong customer authentication and specifies how the Recommendation affects the obligations and liability of payment services providers vis-a-vis customers.