On 14 October 2021, the European Banking Authority (EBA) repealed its guidelines on the security of internet payments. These guidelines were issued prior to the revised Payment Services Directive (PSD2) in 2016 and have been replaced by the PSD2 and the related EBA instruments developed in support of it.
The EBA issued the guidelines in 2014 to provide details as to how provisions in the Payment Services Directive (PSD1) should be interpreted for the purpose of enhancing the security of payment services, with a view to mitigating the risks from the growing payments fraud that occurred at the time.
In January 2016, the PSD2 entered into force, articulating more specific requirements concerning the security of payments. The PSD2, which has applied since January 2018, also mandated the EBA to develop several legal instruments, including the technical standards on strong customer authentication and common and secure communication, which have applied since September 2019.
As the PSD2 and the related EBA instruments incorporate, and also go beyond, the requirements set out in the guidelines, the EBA has decided to repeal them, and asked Member State national competent authorities to take the corresponding steps that may be necessary at a national level.