Rapportering Allvarliga Incidenter Psd2 Eng


CLASSIFICATION: RESTRICTED

Major Incident Report

Initial report within 4 hours after detection
Intermediate report maximum of 3 business days from previous report
Last intermediate report
Final report within 2 weeks after closing the incident
Incident reclassified as non-major Please explain:

Instructions for filling out the template: Final guidelines on major incident reporting under Directive (EU) 2015/2366 (PSD2), EBA-2017-GL-10
https://www.eba.europa.eu/regulation-and-policy/payment-services-and-electronic-money/guidelines-on-major-incidents-reporting-under-psd2

Report date DD/MM/YYYY Time HH:MM

Incident identification number, if applicable (for interim and final reports)

A - Initial report

A 1 - GENERAL DETAILS

Type of report
Type of report: Individual / Consolidated

Affected payment service provider (PSP)
PSP name
PSP unique identification number, if relevant
PSP authorisation number
Head of group, if applicable
Home country
Country/countries affected by the incident
Primary contact person: Email, Telephone
Secondary contact person: Email, Telephone

Reporting entity (complete this section if the reporting entity is not the affected PSP in case of delegated reporting)
Name of the reporting entity
Unique identification number, if relevant
Authorisation number, if applicable
Primary contact person: Email, Telephone
Secondary contact person: Email, Telephone

A 2 - INCIDENT DETECTION and INITIAL CLASSIFICATION

Date and time of detection of the incident DD/MM/YYYY, HH:MM
The incident was detected by (1)
If Other, please explain:
Please provide a short and general description of the incident (should you deem the incident to have an impact in other EU Member State(s), and if feasible within the applicable reporting deadlines, please provide a translation in English)
What is the estimated time for the next update? DD/MM/YYYY, HH:MM

Notes:
(1) Pull-down menu: payment service user; internal organisation; external organisation; none of the above

CONSOLIDATED REPORT - LIST OF PSPs
Columns: PSP Name; PSP Unique Identification Number; PSP Authorisation number

B - Intermediate report

B 1 - GENERAL DETAILS

Please provide a more DETAILED description of the incident, e.g. information on:
- What is the specific issue?
- How it happened
- How did it develop
- Was it related to a previous incident?
- Consequences (in particular for payment service users)
- Background of the incident detection
- Areas affected
- Actions taken so far
- Service providers/ third party affected or involved
- Crisis management started (internal and/or external (Central Bank Crisis management))
- PSP internal classification of the incident

Date and time of beginning of the incident (if already identified) DD/MM/YYYY, HH:MM
Incident status: Diagnostics / Repair / Recovery / Restoration
Date and time when the incident was restored or is expected to be restored DD/MM/YYYY, HH:MM

B 2 - INCIDENT CLASSIFICATION & INFORMATION ON THE INCIDENT

Overall impact: Integrity / Availability / Confidentiality / Authenticity / Continuity

Transactions affected (2)
Number of transactions affected (Actual figure / Estimation)
As a % of regular number of transactions (Actual figure / Estimation)
Value of transactions affected in EUR (Actual figure / Estimation)
Comments:

Payment service users affected (3)
Number of payment service users affected (Actual figure / Estimation)
As a % of total payment service users (Actual figure / Estimation)

Service downtime (4)
Total service downtime DD:HH:MM (Actual figure / Estimation)

Economic impact (5)
Direct costs in EUR (Actual figure / Estimation)
Indirect costs in EUR (Actual figure / Estimation)

High level of internal escalation: YES / YES, AND CRISIS MODE (OR EQUIVALENT) IS LIKELY TO BE CALLED UPON / NO
Describe the level of internal escalation of the incident, indicating if it has triggered or is likely to trigger a crisis mode (or equivalent) and if so, please describe

Other PSPs or relevant infrastructures potentially affected: YES / NO
Describe how this incident could affect other PSPs and/or infrastructures

Reputational impact: YES / NO
Describe how the incident could affect the reputation of the PSP (e.g. media coverage, potential legal or regulatory infringement, etc.)

B 3 - INCIDENT DESCRIPTION

Type of incident: Operational / Security
Cause of incident:
- Under investigation
- External attack
- Internal attack
- External events
- Human error
- Process failure
- System failure
- Other (If Other, specify)
Type of attack:
- Distributed/Denial of Service (D/DoS)
- Infection of internal systems
- Targeted intrusion
- Other (If Other, specify)
Was the incident affecting you directly, or indirectly through a service provider? Directly / Indirectly
If indirectly, please provide the service provider's name

B 4 - INCIDENT IMPACT

Building(s) affected (Address), if applicable
Commercial channels affected: Branches; E-banking; Telephone banking; Mobile banking; ATMs; Point of sale; Other
If Other, specify:
Payment services affected: Cash placement on a payment account; Cash withdrawal from a payment account; Operations required for operating a payment account; Acquiring of payment instruments; Credit transfers; Direct debits; Card payments; Issuing of payment instruments; Money remittance; Payment initiation services; Account information services; Other
If Other, specify:
Functional areas affected: Authentication/authorisation; Communication; Clearing; Direct settlement; Indirect settlement; Other
If Other, specify:
Systems and components affected: Application/software; Database; Hardware; Network/infrastructure; Other
If Other, specify:
Staff affected: YES / NO
Describe how the incident could affect the staff of the PSP/service provider (e.g. staff not being able to reach the office to support customers, etc.)

B 5 - INCIDENT MITIGATION

Which actions/measures have been taken so far or are planned to recover from the incident?
Has the Business Continuity Plan and/or Disaster Recovery Plan been activated? YES / NO
If so, when? DD/MM/YYYY, HH:MM
If so, please describe
Has the PSP cancelled or weakened some controls because of the incident? YES / NO
If so, please explain

Notes:
(2) Pull-down menu: > 10% of regular level of transactions and > EUR 100,000; > 25% of regular level of transactions or > EUR 5 million; none of the above
(3) Pull-down menu: > 5,000 and > 10% payment service users; > 50,000 or > 25% payment service users; none of the above
(4) Pull-down menu: > 2 hours; < 2 hours
(5) Pull-down menu: > Max (0,1% Tier 1 capital, EUR 200,000) or > EUR 5 million; none of the above

C - Final report

If no intermediate report has been sent, please also complete section B

C 1 - GENERAL DETAILS

Please update the information from the intermediate report (summary):
- additional actions/measures taken to recover from the incident
- final remediation actions taken
- root cause analysis
- lessons learnt
- additional actions
- any other relevant information

Date and time of closing the incident DD/MM/YYYY, HH:MM
If the PSP had to cancel or weaken some controls because of the incident, are the original controls back in place? YES / NO
If so, please explain

C 2 - ROOT CAUSE ANALYSIS AND FOLLOW-UP

What was the root cause (if already known)? (possible to attach a file with detailed information)
Main corrective actions/measures taken or planned to prevent the incident from happening again in the future, if already known

C 3 - ADDITIONAL INFORMATION

Has the incident been shared with other PSPs for information purposes? YES / NO
If so, please provide details
Has any legal action been taken against the PSP? YES / NO
If so, please provide details

D - Other areas affected by the incident

If the incident has additionally impacted other channels or services, you may report the affected areas here.
