the client): Strong customer authentication requirements only apply where a payer (client) himself initiates an electronic payment transaction. On 27 November 2017, Commission delegated Regulation (EU) 2018/389 supplemented PSD2 with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication. Hier fassen wir für Sie den Stand der Arbeiten der EBA (per 15. 0000003601 00000 n These final draft RTS have been developed in accordance with Article 15(4) of the PSD2, which mandate the EBA to develop draft RTS setting technical requirements on the development, operation and maintenance of the electronic central register and on access to the information contained therein. 0001292632 00000 n 0001285029 00000 n The … Both solutions are currently included in the draft version of the FCA's Regulatory Technical Standards on strong customer authentication and secure communication. The payment services providers must apply strong customer authentication where the payer (i.e. On 27 November 2017, the European Commission adopted, on the basis of an amended draft from the European Banking Authority ("EBA"), regulatory technical standards on strong customer authentication and common and secure communication under Article 98 of Directive 2015/2366 of 25 November 2015 on payment services in the internal market ("PSD 2"). 0 3. FSMA publishes basic principles on cybersecurity. payment and electronic money institutions, their agents and foreign branches; account information service providers, their agents and foreign branches. The risk of fraud with electronic payments is significant and requires a high level of protection (Recital 95 of PSD 2). The length of the process and the number of iterations … Article 15(5) of the PSD2 mandates the EBA to develop draft ITS specifying the details and structure of the information to be contained in the register, including the common format and model in which this information is to be provided by competent authorities. 0000004075 00000 n status: Adopted and published on the Official Journal. Dar­über hin­aus fin­det sie teil­wei­se auch An­wen­dung auf Zah­lun­gen in Nicht-EU/EWR-Wäh­run­gen (z.B. xref The ITS specify the type of information that will be contained in the register from a pre-defined list of institutions that is provided by the PSD2 itself, including: Through the EBA Register, users can access more details about the above institutions, such as their date of authorisation/registration, commercial names and the cross-border services that they provide. the number of previous remote electronic payment transactions initiated by the payer since the last application of strong customer authentication does not exceed five consecutive individual remote electronic payment transactions. But where a client agrees to a direct debit by means of an electronic mandate, strong customer authentication requirement will nonetheless apply, since the direct debit qualifies as an action that the payer (client) carries out through a remote channel, which may imply a risk of fraud (EBA, Draft Regulatory Technical Standards on Strong Customer Authentication and common and secure communication under Article 98 of Directive 2015/2366 (PSD2): Final report, 23 February 2017, p. 7). 0000002051 00000 n First, in the case of access by a client to his/her payment account online, the requirement of strong customer authentication does not apply where the client's online access is limited to either one or both of the following items, without disclosure of sensitive payment data: "Sensitive payment data" means "data, including personalised security credentials which can be used to carry out fraud […]" (Article 4(32) of PSD 2). %%EOF Article 15(4) of the PSD2 confers a mandate on the EBA to develop draft RTS setting technical requirements on the development, operation and maintenance of the electronic central register and on access to the information contained therein. The technical standards mandate the existence of at least one interface that financial institutions must provide to securely send and receive information from PISPs/ AISPs. Article 15(4) of the PSD2 confers a mandate on the EBA to develop draft RTS setting technical requirements on the development, operation and maintenance of the electronic central register and on access to the information contained therein. 0000005979 00000 n trailer h�b```b``�b`e`�fe@ Q�� $AF �H� Cu�ѽ�5�Amc�.��L���V-`�� !�hx�ۊ�I��@��X65H��]=�{���S����X�ȋsb3ϕ�].yK���&�I� The regulatory technical standards provide exemptions for two out of the three cases where strong customer authentication is required. under the revised Payment Services Directive (PSD2) 1 Overview Introduction 1.1 The revised Payment Services Directive (PSD2) was implemented in the UK from 13 January 2018. h��V{LSg�����*my]��"ũ)Z�Ƶ��0W�VA��u�@:$Ѵ��Zŀ�̉l h�b```�^fF``a`b�# � 0000005491 00000 n Most of the PSD 2 provisions must be implemented by 13 January 2018 at the latest. the balance of one or more designated payment accounts; the payment transactions executed in the last 90 days through one or more designated payment accounts. PSD2 Regulatory Technical Standards – A Practical Guide & Workshop A ½ Day Course The PSD2 Requirements for SCA from September 2019 onwards . ��K_�*SR��Ԭ8/�Sc�R� �U�U����2�! Article 15(1) of the PSD2 requires the EBA to develop, operate and maintain an electronic central register that contains information as notified by competent authorities. This discussion of the Regulatory Technical Standards (RTS) is the third post in a series explaining the Revised Payment Service Directive (PSD2) and how it will affect banks. It is estimated that the PSD 2 provisions regarding strong customer authentication requirements will be required to be implemented around 1 September 2019. *~ Cost-benefit analysis and impact assessment 38 4.2. What Makes This Course Different? 4�H�t"�����x2�$�A=��'���~�Bl�'����F ���A�� �0�]\:��B�ظ���� ��Mjw&�^_\���1������Eeщ�� endstream endobj startxref 0 %%EOF 1140 0 obj <>stream Twenty months after the European Banking Authority (EBA) issued the first draft, on 13 March the regulatory technical standard (RTS) on strong customer authentication (SCA) and Common Secure Communication (CSC) under revised Payment Services Directive (PSD2) was finally published in the Official Journal of the European Union.. kI�IpqȊoS���/�Wz�x�x��l��R�EmD#e�%=���x�H�˶�_���$�J�]�P�XBT R�9�'�Ibr�i�yldI��aېYV>}f9T�C�����ջa`���`��nd0s7�J]���"�2J�>]*�}�.���4��^@b�%��Y� ӈ��5f���@2�CQ)f�L��m�ؒ �����>����?�%��w~=�w~�|m� � @ lxh"^"�\���Ae�$��K&Y�}��\:o�3B{l�b6��9����?jW�Wf�ӹ;�C���=r�>�}���A*G���5M�ۉ�\�Wq�UD��)�[�:�%������7t%��\��XN$`�f.