Question ID:
Legal Act:
Directive 2015/2366/EU (PSD2)
Strong customer authentication and common and secure communication (incl. access)
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations:
Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
Disclose name of institution / entity:
Name of institution / submitter:
Bizum S.L.
Country of incorporation / residence:
Type of submitter:
Subject Matter:
Ability of Payee’s PSP to apply exemptions from SCA in credit transfers

Can the Payee’s Payment Services Provider (PSP) apply an exemption from strong customer authentication (SCA) in credit transfers that are initiated through the payee?

Background on the question:

The “Opinion of the European Banking Authority on the implementation of the RTS on SCA and CSC” issued on June 13th, 2018, includes a table in paragraph 40 (“Table 2”) that summarizes in which cases PSPs can apply the different exemptions mentioned in Articles 10-18 of the RTS on SCA and CSC.

According to this table, the Payee’s PSP cannot propose to apply any exemption at all if the payment is done by credit transfer. We understand that this is because credit transfers are typically initiated by the payer, so by the time the transaction reaches the Payee’s PSP the SCA has already been performed (or an exemption applied by the Payer’s PSP), and therefore it doesn’t make sense that the Payee’s PSP considers applying an exemption.

However, there are use cases in which a payment articulated via a credit transfer is initiated through the payee. For example, in Request to Pay, or in certain e-commerce payment services such as Bizum where the ecommerce payment is channeled by the same virtual Point of Sale (POS) as cards. In those cases, it does make sense that the Payee’s PSP may want to apply an exemption from SCA if the right conditions are met. Of course, as in all other cases, the Payer’s PSP will make the ultimate decision whether to accept the exemption, apply SCA, or decline the transaction.

Date of submission:
Published as Final Q&A:
Final Answer:

Article 97(1)(b) of Directive (EU) 2015/2366 (PSD2) prescribes that the payment service provider (PSP) shall apply ‘strong customer authentication (SCA) where the payer initiates an electronic payment transaction’. 

Article 4(24) of PSD2 defines a 'credit transfer' as a 'payment service for crediting a payee's payment account with a payment transaction or a series of payment transactions from a payer's payment account by the payment service provider which holders the payer's payment account, based on an instruction given by the payer'. 

Q&A 5247 clarified that credit transfers are by definition payer-initiated electronic payments and that SCA applies to them in accordance with Article 97(1)(b) of PSD2.

In addition, table 2 of the Opinion on the implementation of the RTS on SCA&CSC (EBA-Op-2018-04) indicated that payee’s PSPs cannot apply an exemption from SCA for credit transfers. 

Accordingly, the payee's PSP cannot apply an exemption from SCA when the payer initiates a credit transfer, even if the transaction is initiated through the payee.

Final Q&A
Answer prepared by:
Answer prepared by the EBA.