Follow Us

Follow us on Twitter  Follow us on LinkedIn
 

13 June 2018

EBA provides clarity to market participants for the implementation of the RTS on SCA and CSC under the PSD2


The EBA published two regulatory products, an Opinion and a Consultation Paper on draft Guidelines, to clarify a number of issues identified by market participants in relation to the RTS on strong customer authentication and common and secure communication (SCA and CSC).

The Consultation Paper on draft Guidelines provides clarity to the market and to Competent Authorities on the information to be considered for each of the four conditions in order to determine whether a request for the exemption meets the conditions in Article 33(6) of the RTS. In particular, the draft Guidelines aim at providing clarity for all parties involved (ASPSPs, Competent Authorities and the EBA) in a pragmatic way and allow Competent Authorities to carry out a speedy assessment, especially during the time when the bulk of the exemption requests will be received.

Comments to these consultations can be sent to the EBA by 13 August 2018. A public hearing will then take place at the EBA premises on 25 July 2018 from 14:00 to 16:00 UK time.

The Opinion is addressed to Competent Authorities to convey the EBA's views in some pressing areas identified by the market and Competent Authorities, including on the exemptions to SCAs, consent, the scope of data sharing, and requirements for Application Programming Interfaces (APIs) and dedicated interfaces to take into account.

For example, the Opinion explains that the ASPSP should not check the consent of the payment service user who has contracted with an account information service provider (AISP), payment initiation service provider (PISP) or card-based payment instrument issuers (CBPII) and that it is the ASPSP that applies SCA and decides whether or not to apply an exemption. Also, the Opinion clarifies that when determining which method(s) to use for the purpose of carrying out the authentication procedure, the ASPSP needs to ensure that all methods of strong customer authentication offered to its customers can be supported when using the API.

Press release

Opinion

Consultation paper



© EBA


< Next Previous >
Key
 Hover over the blue highlighted text to view the acronym meaning
Hover over these icons for more information



Add new comment