On 28 October 2021, the European Banking Authority (EBA) launched a public consultation on the amendment of its Regulatory Technical Standards (RTS) on strong consumer authentication and secure communication (SCA&CSC) under the Payment Directive (PSD2) with regard to the 90-day exemption for account access.
The amendments proposed in the Consultation Paper aim to address a number of the issues identified by the EBA in the application of the exemption by some account servicing payment service providers (ASPSPs) across the EU, where the ASPSPs have not made use of the exemption and request SCA for each account access, or where they request SCA more frequently than every 90-days, as allowed by the RTS.
To address these issues the EBA propose to introduce a new mandatory exemption from SCA for the specific use case when the access is done through an account information service provider (AISP) that is subject to certain safeguards and conditions aimed at protecting customers data.
Where customers access the data directly, the EBA proposes to retain the exemption in Article 10 as voluntary, as they have not identified any specific issues in such cases. However, to ensure a level playing field amongst payment service providers, the EBA proposes to extend the 90-days timeline in Article 10 of the RTS on SCA&CSC for the renewal of SCA to the same 180-day period for the renewal of SCA when the account data is accessed through an AISP.
A public hearing will take place online 11 November 2021 from 10-12 CET.
The consultation will run until 25 November 2021.