- Question ID
-
2023_6863
- Legal act
- Directive 2015/2366/EU (PSD2)
- Topic
- Strong customer authentication and common and secure communication (incl. access)
- Article
-
98
- COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations
- Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
- Article/Paragraph
-
9
- Type of submitter
-
Consultancy firm
- Subject matter
-
Mobile Banking Services and SCA in the same app
- Question
-
We use a mobile app, software installed in a separate sandbox on a multi-purpose device, for the elements of strong customer authentication. Is it correct to assume that Article 9 (in COMMISSION DELEGATED REGULATION (EU) 2018/ 389) does not prevent us from offering mobile banking services through the same app?
- Background on the question
-
Article 9 - 3 (a) mentions the "use of separated secure execution environments through the software installed inside the multi-purpose device". It is not 100% clear, how this use of a separated execution environment applies to mobile banking services.
- Submission date
- Status
-
Question under review
- Answer prepared by
-
Answer prepared by the EBA.