- Question ID
-
2018_4239
- Legal act
- Directive 2015/2366/EU (PSD2)
- Topic
- Strong customer authentication and common and secure communication (incl. access)
- Article
-
98
- Paragraph
-
1
- Subparagraph
-
(b)
- COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations
- Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
- Article/Paragraph
-
17
- Name of institution / submitter
-
Swedish Bankers’ Association
- Country of incorporation / residence
-
Sweden
- Type of submitter
-
Industry association
- Subject matter
-
Applicability of exemption from strong customer authentication (SCA) under Article 17 for card payments
- Question
-
Is Article 17 of Regulation (EU) 2018/389 applicable for the payer’s Payment service provider (PSP) for card-based payments?
- Background on the question
-
This question relates to what we think is a mistake made by EBA in its opinion EBA-Op-2018-04, from which you could derive the conclusion that EBA thinks that exemption under Article 17 is not applicable for the payer’s PSP for card-based payments.
In its opinion, EBA-Op-2018-04 the EBA provides in Table 2 an overview of whether the payer’s PSP (issuer) and/or the payee’s PSP (acquirer) can decide on each of the exemptions set out under Articles 10 to 18.
In relation to Article 17 and the payee’s PSP’s ability to apply this exemption, the table says “No” for Credit transfers and “N/A” for Cards. Though we certainly agree that this exemption is only applicable for the Payer’s PSP, and not applicable for the Payee’s PSP, there should be no distinction in this between card-based payments versus credit transfers. I.e. this exemption is applicable for the payer’s PSP also for card-based payments, and the values for Article 17 in this table for the Payee’s PSP should be “No” for Cards as well as for “Credit Transfers”.
To compare with Article 15, for which there is also a “N/A” in the Cards column for the payee’s PSP: Article 15 explicitly refers to credit transfers, is therefore not applicable for card-based payments, and the “N/A” is therefore relevant. In Article 17 there is no mention of either credit transfers or card-based payments, and must therefore be applicable for both, i.e. the “N/A” is incorrect.
There are important solutions with dedicated processes and protocols between travel agencies, card issuers and their corporate customers that are based on the card infrastructure and card-based accounts, and should therefore be eligible to be exempted from SCA under Article 17.
- Submission date
- Final publishing date
-
- Final answer
-
The exemption under Article 17 of the Commission Delegated Regulation (EU) 2018/389 does not specify the types of payment instrument that could be used through processes or protocols. Accordingly, these processes and protocols could use a card payment instrument.
The EBA Opinion on the implementation of the regulatory technical standards on strong customer authentication and common and secure communication, EBA-Op-2018-04, does not suggest it cannot be applied but merely that such exemption could not be used by the payee’s Payment Service Provider (PSP).
- Status
-
Final Q&A
- Answer prepared by
-
Answer prepared by the EBA.
Disclaimer
The Q&A refers to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.