2018_4342 Chip and Signature cards and their inclusion in the remit of RTS Article 11

Question ID: 2018_4342
Legal act: Directive 2015/2366/EU (PSD2)
Topic: Strong customer authentication and common and secure communication (incl. access)
Article: 98
Paragraph: 4
Subparagraph: b
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
Article/Paragraph: 11
Type of submitter: Credit institution
Subject matter: Chip and Signature cards and their inclusion in the remit of RTS Article 11
Question: Is cardholder signature a strong method of authentication when transacting with card present?
If so, is there a requirement to ensure that on Chip and Signature cards we step up to signature from contactless after 5 contactless /cumulative value of 150 euros?
If a signature is not considered to be strong customer authentication (SCA), are chip and signature cards exempt from SCA requirements under Article 11 of the RTS on strong customer authentication and secure communication?
Background on the question: Chip and Signature cards are generally issued to cardholders who have trouble remembering PIN/entering PIN on a key pay etc. These are typically customers who are vulnerable/have disabilities. Forcing them to use PIN at terminals (aside from ATMs) may be considered discrimination. Forcing customers to step up from contactless to signature is also a bad customer journey especially if the terminal is not attended e.g self servce in a supermarket.
Submission date: 24/10/2018
Final publishing date: 09/04/2021
Final answer: Q&A 2018_4237 clarifies that a signature on a paper slip cannot be considered a valid factor in a two-factor strong customer authentication (SCA) under Directive 2015/2366/EU (PSD2) and the Commission Delegated Regulation (EU) 2018/389 for approaches currently observed in the market.

Accordingly, while the exemption under Article 11 of the Delegated Regulation may be used for card-based payment transactions relying on chip and signature on a paper slip, provided that the respective thresholds are met, it would not be possible to apply SCA by using the chip and a signature only after the thresholds have been reached. In this case, the issuer of the payment card would need to ensure that other forms of authentication compliant with the requirements of PSD2 and the Delegated Regulation are applied.
Status: Final Q&A
Answer prepared by: Answer prepared by the EBA.

Disclaimer

The Q&A refers to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Organisation and governance

Legal and policy framework

Careers

Supervisory convergence

Direct supervision and oversight

Information for consumers

Ad hoc activities

Risk analysis

Reporting frameworks

Data

Publications

Media centre

Disclaimer