05 April 2022
The European Banking Authority (EBA) published today its final Report on the amendment of its Regulatory technical standards (RTS) on strong customer authentication and secure communication (SCA&CSC) under the Payment Services Directive (PSD2). The changes introduce a new mandatory exemption to SCA that will require account providers not to apply SCA when customers use an account information service provider (AISP) to access their payment account information, provided certain conditions are met. The amendment aims to reduce frictions for customers using such services and to mitigate the impact that the frequent application of SCA and the inconsistent application of the current exemption have on AISPs’ services.
Following a public consultation that has attracted more than 1,200 responses, as well as an extensive analysis of such feedback, the EBA has introduced some changes to the draft amending RTS, while retaining the mandatory exemption and the extension of the frequency for the renewal of SCA from every 90 days to every 180 days proposed in the Consultation Paper.
These amendments are those that the EBA is legally in a position to make to address the issues identified. Other mitigations to address these issues are conceivable but would require changes to the Directive itself, which is beyond the EBA’s powers.
The amendments to the RTS are envisaged to apply 7 months after the publication of the amending RTS in the Official Journal of the EU.