Response to consultation on RTS specifying the requirements on strong customer authentication and common and secure communication under PSD2

Go back

Question 5: Do you have any concern with the list of exemptions contained in Chapter 2 of the draft RTS for the scenario that PSPs are prevented from implementing SCA on transactions that meet the criteria for exemption?

These requirements appear to have been created to cater for situations whereby there is a 1 to 1 relationship between the card and the cardholder being used to make the purchase - and the associated card issuer has full information relating to the customer concerned. We (Citibank) are a Commercial Card issuer whereby our client is a corporate company and their employees are the cardholders. Therefore, we only have limited information about the cardholders in some cases because the liability for the product resides with their employer (our client) and not the cardholder. In the Commercial Cards world, there are many standard products or use cases where there is not a 1 to 1 relationship between the card and the person using it. For example, a Central Travel Account (previously known as a lodge card") is a single credit card that is held and used by a corporate clients Travel Management Company to book flights and hotels for any/all of that corporate clients employees. The Travel Management Company will also have a number of employees who will/may be executing the travel bookings on behalf of our mutual client/s. Therefore, we struggle to understand how in such cases in the Commercial Card world (in situations where there is not a 1 to 1 relationship between the card and the card user), how it is possible to comply with these new regulations. There are many similar use cases/products in the Commercial Card issuance world to that which I have described - and this challenge will apply to all Commercial Card issuers globally."

Please select which category best describes you and/or your organisation

[Credit institution"]"

Please select which category best describes the services provided by you/your organisation

[Issuing of payment instruments and/or acquiring of payment transactions"]"

Name of organisation

Citibank Europe plc