The European Banking Authority (EBA) has published a letter sent by the European Commission (Commission), in which the Commission states that it intends to amend the draft regulatory technical standards (RTS) on strong customer authentication and common and secure open standards of communication under Article 98(4) of the revised Payment Services Directive (PSD2).
Specifically the Commission intends to amend chapters 1, 3 and 5 of the draft RTS presented by the EBA. The substantive changes envisaged by the Commission relate to the following issues:
- independent auditing of the security measures in case when a transaction risk analysis exemption is applied (chapter 1, Article 3(2) of the EBA draft RTS);
- new exemption to strong customer authentication for certain corporate payment process (chapter 3, new Article 17). The Commission has included a new exemption to the application of strong customer authentication concerning certain corporate payments when they use dedicated payment processes or protocols in the cases where, due to the specificity of such solutions and the level of security achieved by them, the competent authorities can establish that those processes or protocols achieve the high levels of security of payments aimed for by PSD2;
- fraud reporting by payment service providers directly to EBA (chapter 3, Articles 16(2) and 17(2) of the EBA draft RTS); and
- contingency measures in case of unavailability or inadequate performance of the dedicated communication interface (chapter 5, Article 28 of the EBA draft RTS).