Search for Q&As

Enquirers can use various factors to search for a Q&A:

  • These include searching by the Q&A ID; legal reference, date submitted, technical standard / guideline, or by keyword if known.
  • Searches can be extended to more than one legal act, topic, technical standard or guidelines by making multiple selections (i.e. pressing 'Ctrl' on your keyboard, and selecting the relevant ones from the drop-down lists by left mouse-click).

Disclaimer:

Q&As refer to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Please note that the Q&As related to the supervisory benchmarking exercises have been moved to the dedicated handbook page. You can submit Q&As on this topic here.

List of Q&A's

Information provided to the payee on individual payment transaction

If a framework contract includes a condition on providing all required information to the payee at least once a month, is the payment service provider still obliged to provide the information to the payee after the execution of individual payment transaction? Or providing monthly information is enough and provision of information separately about each individual transaction is not required anymore?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Payment account

What is the difference between payment account, e-money account and a bank account (account held at the credit institution) in terms of allowed transactions? Is it possible to hold funds on a payment account to make future payment transactions?Is it possible to receive the salary on a payment account, if this account is not an e-money account or an account held by a credit institution, which constitute a deposit or other repayable fund?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Initial Capital

What is the initial capital requirement if a payment institution is providing: (a) any of the payment services as referred to in points (1) to (5) of Annex I and service (6) and (7). (b) any of the payment services as referred to in points (1) to (5) of Annex I and service (6) . (c) any of the payment services as referred to in points (1) to (5) of Annex I and service (7).

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Evidences / Records to be stored by account servicing payment service providers (ASPSP) for payment initiation service (PIS) and account information service (AIS) requests

Shall ASPSP keep record of PIS requests received through a PISP and evidences on the authenticity and execution of these payment transactions when SCA is managed by ASPSP ?  Shall ASPSP keep record of the consent of the PSU and also of the AIS requests received through an AISP ? For both evidences is there any specific retention period ?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

The definition of payment services and in particular the definition of execution of payment transaction in relation to netting centers

1. Is an (international) non-profit association, acting as netting centre in the framework of a multilateral netting agreement entered into between its members, that receives and forward funds to and from its members through a bank account opened in its name deemed to carry out payment services falling within the scope of Article 4(3) of Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC ('PSD2') (e.g. the execution of payment transaction or money remittance)?2. If the netting center is deemed to carry out payment services, can the netting centre rely on exclusion of Article 3(n) of PSD2, i.e. 'payment transactions and related services between a parent undertaking and its subsidiary or between subsidiaries of the same parent undertaking, without any intermediary intervention by a payment service provider other than an undertaking belonging to the same group'?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Reading of the term "means of payment"

What are the 'means of payment' in the LNE Guidelines (guidelines 1.6 and 1.7)? Does the term refer to the technological level of a physical device or a digital carrier, which may accommodate several payment instruments, such as plastic card (chip or magnetic stripe), a mobile phone, a wallet, an app, a wearable, a tablet, a PC or even a specific storage location on an external server? Please provide examples of 'other means of payment' that are relevant in practice from the EBA's perspective. How is the definition of payment instrument according to Article 4(14) PSD2 to be read in the context of the LNE Guidelines? Is the interpretation of the adjective “card-based” (in combination with means of payment) in line with the same adjective in combination with payment instruments according to Article 2(20) of Regulation (EU) 2015/751 (“IFR”)?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2022/02 - Guidelines on the limited network exclusion

SCA for token replacement

Is SCA required for the replacement of a tokenized card happening in the background without any ‘action by the payer’ under Article 97(1)(c) PSD2 in the following cases: Expiry of the token and update of the token Replacement of the card, and the new card has a different BIN/Account Range (e.g., for product graduation, such as standard to gold, or simple BIN management) and/or different functionalities Technical and/or configuration changes to the issuer’s BIN configuration (such as migrating from 6 to 8 digit BINs) In all these cases, the existing tokenized credentials have been initially associated with SCA to the user under Article 24(2)(b) RTS, and this is solely a technical replacement of the token. credentials have been initially associated with SCA to the user under Article 24(2)(b) RTS, and this is solely a technical replacement of the token.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Annex VI - Agentes/distributors

Please clarify whether under Directive 2015/2366, in the exchange of notifications between NCAs, Annex VI of the Commission Delegated Regulation (EU) 2017/2055 should be sent concerning each new agent/distributor or only for the first agent/distributor acting on behalf of a payment/e-money institution.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2017/2055 - RTS on passporting under PSD2

API functionality

Is it allowed to use a dedicated PSD2 interface by a TPP that identifies itself with an eIDAS certificate for purposes other than those specified in Article 30(1)(b) - (c) of the RTS on strong customer authentication (SCA) and secure communication? 

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Paper-based postal money orders as defined by the Universal Postal Union

1. Should postal transfers as defined by the Universal Postal Union, which are not made in paper form but by electronic means, be excluded from the scope of PSD2?     2. If postal transfers, as defined by the Universal Postal Union, in both electronic and paper format, are inseparable from the postal operator’s accounting system, should also paper-based postal transfers not fall outside the scope of PSD2?     3. Should such transfers be excluded from the scope of PSD2 in either case, or agree that the payment institution is not entitled to credit those funds to the payment service customers’ funds accounts where the money of the payment service users is kept separate?     4. Can a payment institution that is also a postal service provider simultaneously provide both PSD2 regulated services and services related to payments but outside the scope of PSD2?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Exclusion of cash withdrawal services from PSD2

If a provider offers cash ATM withdrawal services, not acting on behalf of one or more card issuers but rather through an agreement with the main payment circuits, shall this type of provision be considered exempt from the PSD2?  

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Authentication procedures that ASPSPs’ interfaces are required to support (using re-direction)

In a pure redirection-based approach, can an ASPSP, which is not offering a mobile web browser to its PSU’s, decide not to support  an authentication via a mobile web browser authentication page (no app-to-mobile web browser or mobile web browser-to-mobile web browser  redirection) for PISPs/AISPs on the basis of duly justified security risks, without being considered a breach of Article 97 (5) PSD2 and Article 30(2) of the RTS on SCA and CSC and/or an obstacle under Article 32(3) of the RTS on SCA and CSC?  

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

PISP’s access to payable charges applied by the ASPSP on the PSU’s initiated payment via the ASPSP’s dedicated interface

Shall the account servicing payment service provider (ASPSP) make the transaction fees accessible to payment initiation service providers (PISPs) via the dedicated interface?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Future-dated payments and recurring transactions

When it comes to recurring transactions and future-dated payments, would an implementation of the PSD2-interface that requires that the TPPs store the payment details until due date, and not until due date are they allowed to send the transactions to the ASPSP for execution, satisfy the requirements in Opinion on the implementation of the RTS on SCA and SCA (EBA-Op-2018-04) of June 13, 2018' paragraph 29, in cases where the ASPSP itself offers future-dated payments and recurring transactions in their mobile/web-bank application? If the answer to the preceding question is yes, what then is the meaning of the statement '… a PISP has the right to initiate the same transactions that the ASPSP offers to its own PSUs, such as … recurring transactions, … and future-dated payments'?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Transactions initiated via electronic mail (email)

Do transactions initiated via electronic mail (email) qualify as initiations pursuant to Article 97 para. 1 (b) PSD2 and are therefore subject to the RTS SCA requirements?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Articulation and interaction of the second and the third sub-paragraph of Article 74 (1) of the PSD2

In cases where the payer could not possibly detect the loss, theft or misappropriation of his instrument before it was used, is it correct to state that there can be no liability at all, including if the payer has acted with gross negligence?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Clarification on the protection requirements of a CustomerID when included in a payer-presented QR-code for the initiation of (instant) credit transfers at the Point of Interaction (POI)

  Are the Customer ID’s security measures (e.g., encryption, tokenisation, transport layer security) mentioned under Q&A 5476 to be always applied in any payer-presented QR code, regardless of who generates it (e.g., including a non-PSP)?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Provision of the "acquiring of payment transactions" payment service in the EU

Please provide your opinion on whether the payment service – acquiring of payment transactions on an EU webshop – can be provided by a payment service provider from a third country. Please refer to Q&A 4233.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Application of SCA for confirmation of funds requests made by a PISP

1) Should two SCAs be applied when a fund confirmation is made by a PISP? i.e. one for fund confirmation and one for payment initiation? 2) Should ASPSPs provide confirmation to a CoF request made by a PISP before or after the payment is submitted?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication