Article 97
ISRB ToC ToC

Path:
Payment Services Directive 2 (PSD2) > TITLE IV > CHAPTER 5 > Article 97
Title:
Article 97
Links:
Description: 
Authentication
Main content: 

                                                                                                                                                                                                                                                                                                

1. Member States shall ensure that a payment service provider applies strong customer authentication where the payer:

(a) accesses its payment account online;

(b) initiates an electronic payment transaction;

(c) carries out any action through a remote channel which may imply a risk of payment fraud or other abuses.

2. With regard to the initiation of electronic payment transactions as referred to in point (b) of paragraph 1, Member States shall ensure that, for electronic remote payment transactions, payment service providers apply strong customer authentication that includes elements which dynamically link the transaction to a specific amount and a specific payee.

3. With regard to paragraph 1, Member States shall ensure that payment service providers have in place adequate security measures to protect the confidentiality and integrity of payment service users’ personalised security credentials.

4. Paragraphs 2 and 3 shall also apply where payments are initiated through a payment initiation service provider. Paragraphs 1 and 3 shall also apply when the information is requested through an account information service provider.

5. Member States shall ensure that the account servicing payment service provider allows the payment initiation service provider and the account information service provider to rely on the authentication procedures provided by the account servicing payment service provider to the payment service user in accordance with paragraphs 1 and 3 and, where the payment initiation service provider is involved, in accordance with paragraphs 1, 2 and 3.

 
Metadata: 
https://www.eba.europa.eu/single-rule-book-qa/search/-/qna/search/publicId/2018_4089-2018_4238-2018_4366-2019_4785?field_legal_act%5B%5D=517&field_qa_com%5B%5D=927&field_question_id=2018_4030,2018_4031,2018_4032,2018_4033,2018_4034,2018_4035,2018_4036,2018_4038,2018_4039,2018_4040,2018_4041,2018_4047,2018_4048,2018_4049,2018_4052,2018_4053,2018_4054,2018_4055,2018_4056,2018_4057,2018_4058,2018_4060,2018_4065,2018_4068,2018_4076,2018_4108,2018_4110,2018_4131,2018_4135,2018_4141,2018_4152,2018_4153,2018_4155,2018_4177,2018_4225,2018_4226,2018_4315,2018_4404,2018_4414,2018_4415,2018_4435,2018_4429,2019_4480,2019_4556,2019_4564,2019_4664,2020_4664,2020_5115,2020_5133,2020_5135&items_per_page=20
Topic: 
Payment services and electronic money
Q&A :
Paragraph: 
1
Links: 
2020_5534 Bill-payment via postal service
2021_6315 Transactions initiated via electronic mail (email)
2022_6464 SCA for token replacement
Paragraph: 
5
Links: 
2021_6321 Authentication procedures that ASPSPs’ interfaces are required to support (using re-direction)
Paragraph: 
all
Links: 
2021_6145 SCA applicability / Application of SCA at tokenisation stage
2021_6280 Application of SCA for confirmation of funds requests made by a PISP