• Home
  • EBA tries to clarify Strong Customer Authentication and Common & Secure Communication under PSD2

EBA tries to clarify Strong Customer Authentication and Common & Secure Communication under PSD2

The European Banking Authority (EBA) has published two regulatory products, an Opinion and a Consultation Paper on draft Guidelines, to clarify a number of issues identified by market participants in relation to the regulatory technical standards (RTS) on strong customer authentication and common and secure communication (SCA and CSC), which will apply from 14 September 2019. The Opinion focuses on the implementation of the RTS while the Consultation Paper proposes a pragmatic and consistent approach to the four conditions to be met to benefit from an exemption from the fallback option envisaged under Article 33(6) of the RTS. The EBA will also extend its Single Rulebook Q&A tool to the revised Payments Services Directive (PSD2). With all these additional measures, the EBA aims at providing assistance to market participants for a smooth and transparent implementation of its RTS on SCA and CSC.

Given the cross-border nature of retail payments, the EBA and Competent Authorities have a shared interest in supporting the objectives of PSD2 of contributing to a single EU payments market, ensuring that these issues are addressed consistently across the EU and that the implementation period proceeds smoothly and transparently across the EU.

Market participants have approached the EBA and many Competent Authorities to seek further clarity on a number of issues that have emerged in the context of the implementation of the EBA RTS on SCA and CSC (Regulation (EU) 2018/389).

Consultation Paper on draft Guidelines on the conditions to be met to benefit from an exemption from contingency measures under Article 33(6) RTS on SCA & CSC

One issue that was brought to the EBA’s attention relates to Article 33(6) of the RTS, which sets out the four conditions that an account servicing payment service provider (ASPSP) must meet when it wishes to provide access via a dedicated interface to be granted an exemption from the obligation to have a fallback option in place. Article 33(6) also requires Competent Authorities to consult with the EBA before granting such an exemption.

The Consultation Paper on draft Guidelines provides clarity to the market and to Competent Authorities on the information to be considered for each of the four conditions in order to determine whether a request for the exemption meets the conditions in Article 33(6) of the RTS. In particular, the draft Guidelines aim at providing clarity for all parties involved (ASPSPs, Competent Authorities and the EBA) in a pragmatic way and allow Competent Authorities to carry out a speedy assessment, especially during the time when the bulk of the exemption requests will be received.

Comments to these consultations can be sent to the EBA by clicking on the “send your comments” button on the consultation page. Please note that the deadline for the submission of comments is 13 August 2018.

All contributions received will be published following the close of the consultation, unless requested otherwise. A public hearing will then take place at the EBA premises on 25 July 2018 from 14:00 to 16:00 UK time.

Opinion on the implementation of the RTS on SCA and CSC

The Opinion is addressed to Competent Authorities to convey the EBA’s views in some pressing areas identified by the market and Competent Authorities, including on the exemptions to SCAs, consent, the scope of data sharing, and requirements for Application Programming Interfaces (APIs) and dedicated interfaces to take into account. For example, the Opinion explains that the ASPSP should not check the consent of the payment service user who has contracted with an account information service provider (AISP), payment initiation service provider (PISP) or card-based payment instrument issuers (CBPII) and that it is the ASPSP that applies SCA and decides whether or not to apply an exemption. Also, the Opinion clarifies that when determining which method(s) to use for the purpose of carrying out the authentication procedure, the ASPSP needs to ensure that all methods of strong customer authentication offered to its customers can be supported when using the API.

Interactive Single Rulebook and Q&A tool

Going forward, the EBA will provide further clarification on the interpretation of the RTS on SCA and CSC through its online Interactive Single Rulebook and Q&A tool, which will be extended to PSD2- related queries by the end of June.

The EBA statement and related information can be found here.

Share this:
Share on email
Share on twitter
Share on facebook
Share on linkedin
Share on reddit
Share on telegram
Share on whatsapp

Leave a Comment

Your email address will not be published. Required fields are marked *

Innovation and regulation in finance

Subscribe to our newsletter

PlanetCompliance does not claim to be exhaustive, instead we are helpful for any contribution from our users, and the content on this platform does not constitute legal advice.

Scroll to Top

Add Article

Add your article to Planet Compliance.