To remain technologically neutral the technical standards adopted by conventional retail bank licensees must not require a specific technology to be adopted by AISPs or PISPs. Authentication codes must be based on solutions such as generating and validating one-time passwords, digital signatures or other cryptographically underpinned validity assertions using keys and/or cryptographic material stored in the authentication elements, as long as the security requirements are fulfilled.