Regulatory Technical Standards on strong customer authentication and secure communication under PSD2

Status: Final draft RTS/ITS adopted by the EBA and submitted to the European Commission

The proposed Regulatory Technical Standards on strong customer authentication and secure communication are key to achieving the objective of the PSD2 of enhancing consumer protection, promoting innovation and improving the security of payment services across the European Union.

Links

Single Rulebook Q&A on Regulation (EU) 2018/389 – RTS on strong customer authentication and secure communication
Discussion on RTS on strong customer authentication and secure communication under PSD2 | News item

Summary of document history

Current version Ongoing versions

Draft amending Regulatory Technical Standards on strong customer authentication and secure communication under PSD2

Status: Not yet applicable
Application date:
Compliance deadline:

Documents

Final Report on amending RTS on SCA and CSC under PSD2

(800.69 KB - PDF) Last update 5 April 2022

Download

Press release

EBA publishes final Report on the amendment of its technical standards on the exemption to strong customer authentication for account access

5 April 2022

The European Banking Authority (EBA) published today its final Report on the amendment of its Regulatory technical standards (RTS) on strong customer authentication and secure communication (SCA&CSC) under the Payment Services Directive (PSD2). The changes introduce a new mandatory exemption to SCA that will require account providers not to apply SCA when customers use an account information service provider (AISP) to access their payment account information, provided certain conditions are met. The amendment aims to reduce frictions for customers using such services and to mitigate the impact that the frequent application of SCA and the inconsistent application of the current exemption have on AISPs’ services.

Press contacts

Franca Rosa Congiu

Organisation and governance

Legal and policy framework

Careers

Supervisory convergence

Direct supervision and oversight

Information for consumers

Ad hoc activities

Risk analysis

Reporting frameworks

Data

Publications

Media centre