Should a Payment Service User (PSU) recreate a list of trusted beneficiaries that was already approved in accordance with the EBA Guidelines on the security of internet payments?
Article 13 of the RTS on strong customer authentication and common secure communication creates an exemption from strong customer authentication based on the list of trusted beneficiaries.
In accordance with Article 13(1) of the Commission Delegated Regulation (EU) 2018/389, "payment service providers shall apply strong customer authentication (SCA) where a payer creates or amends a list of trusted beneficiaries through the payer’s account servicing payment service provider."
Accordingly, for lists of trusted beneficiaries that already existed before the application of the Delegated Regulation (and have been developed in the same context as an exemption to the requirement to use SCA under the general authentication requirements in Article 2 of the Delegated Regulation), SCA should be required only when there is an amendment to this list. The payment service user would not need to re-create that list.