Question ID
2018_4030
Legal act
Directive 2015/2366/EU (PSD2)
Topic
Strong customer authentication and common and secure communication (incl. access)
Article
97
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations
Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
Article/Paragraph
1
Type of submitter
Other
Subject matter
Geographical scope of application of the RTS on strong customer authentication (SCA) and secure communication requirements – ‘Two-leg’ transactions
Question

Is it necessary that issuer, acquirer, cardholder and merchant be all located in the EEA for the RTS on SCA requirements to apply to two-leg transactions?

May the issuer use the merchant’s location as a proxy (in lieu of the acquirer’s location)?

Background on the question

The PSD2 applies to payment transactions where both the issuer and the acquirer are located within the EEA (‘two-leg’ transactions).  The location of the cardholder and the merchant is not relevant. 

This is because only the location of the ‘payer’s payment service provider’ (i.e., in the case of card transactions, the issuer) and of the ‘payee’s payment service provider’ (i.e., in the case of card transactions, the acquirer) is relevant to determine whether a transaction is subject to the PSD2 requirements (Article 2 PSD2).

Other industry players argue that the location of the cardholder and the merchant is relevant and the RTS apply only if all the parties involved in the transaction (i.e., not only the issuer and the acquirer, but also the cardholder and the merchant) are located in the EEA. 

In our view, the location of the merchant may only be taken into account if the issuer is technically unable to determine the location of the acquirer.  In this case, the issuer should be allowed to take the location of the merchant as a proxy (in lieu of that of the acquirer).

Submission date
Final publishing date
Final answer

Article 2(1) PSD2 states that the Directive applies to payment services provided within the Union. According to Article 2(2) PSD2 Title IV, including Article 97 PSD2, applies to payment transactions in the currency of Member State where both the payer's payment service provider (PSP) and the payee's PSP are, or the sole PSP in the payment transaction is, located within the Union (two-leg transaction).

It follows that where both PSPs are, or the sole PSP in a payment transaction is, located within the Union, strong customer authentication (SCA) has to be applied in accordance with Article 97 PSD2 and the Commission Delegated Regulation (EU) 2018/389.

In regards to the geographical scope as defined in Article 2(2) PSD2 the location of the payer and/or the payee is not relevant. The PSPs are the obliged entities in regards to SCA.

 

Disclaimer:

This question goes beyond matters of consistent and effective application of the regulatory framework. A Directorate General of the Commission (Directorate General for Financial Stability, Financial services and Capital Markets Union) has prepared the answer, albeit that only the Court of Justice of the European Union can provide definitive interpretations of EU legislation. This is an unofficial opinion of that Directorate General, which the European Banking Authority publishes on its behalf. The answers are not binding on the European Commission as an institution. You should be aware that the European Commission could adopt a position different from the one expressed in such Q&As, for instance in infringement proceedings or after a detailed examination of a specific case or on the basis of any new legal or factual elements that may have been brought to its attention.

Status
Final Q&A
Answer prepared by
Answer prepared by the European Commission because it is a matter of interpretation of Union law.

Disclaimer

The Q&A refers to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.