The European Banking Authority (EBA) has published a consultation paper on the draft regulatory technical standards specifying the requirements on strong customer authentication and common and secure communication under the revised Payment Services Directive (PSD2).

The consultation paper follows an earlier discussion paper that was published in December 2015. Our earlier blog entry can be found here.

Article 98 of the PSD2 provides that the EBA shall develop, in close cooperation with the European Central Bank, draft regulatory technical standards (RTS) specifying the requirements of the strong customer authentication (SCA), the exemptions from the application of SCA, the requirements with which security measures have to comply in order to protect the confidentiality and the integrity of the payment service users’ personalised security credentials, and the requirements for common and secure open standards of communication between account servicing payment service providers, payment initiation services providers, account information services providers, payers, payees and other payment services providers.

The draft RTS start with the requirements on SCA, followed by a definition of the exemptions to these requirements. The draft RTS then proceed to the requirements related to the protection of personalised security credentials, followed by common and secure open standards of communication.

The consultation paper ends with a discussion on how the draft RTS will apply to third parties on which payment service providers may rely for the provision of payment services.

The deadline for comments on the consultation paper is 12 October 2016.

View EBA consults on strong customer authentication and secure communications under PSD2, 12 August 2016