Question ID
2024_7261
Legal act
Directive 2015/2366/EU (PSD2)
Topic
Other topics
Article
66
Paragraph
4
Subparagraph
b
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations
Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
Article/Paragraph
35.4.b
Type of submitter
Other
Subject matter
Obstacles Faced by PISPs in Accessing Payment Status Information Under PSD2
Question

Are ASPSPs allowed to require PISPs to provide any additional identifier beyond what is specified in Article 35.4.b of the RTS in order to access information about the execution of a payment order?

Background on the question

In accordance with Articles 66.4.b of the PSD2, Account Servicing Payment Service Providers (ASPSPs) are required to provide or make available all necessary information on the initiation and execution of payment transactions to Payment Initiation Service Providers (PISPs) upon receipt of a payment order. Specifically, Article 66.4.b mandates that this information be shared with the PISP immediately following the payment initiation, while RTS Article 35.4.b stipulates that all parties involved must include unequivocal references to identify each payment order

Additionally, Article 36.1.b of the RTS requires that PISPs have access to all relevant information about the initiation and execution of payment orders. 

However, some ASPSPs, unlike the broader industry standard, impose additional requirements, such as mandating the use of a "user token" to access payment execution information.

 

This practice conflicts with broader industry standards, where ASPSPs provide the necessary information without imposing similar constraints. Requiring "user tokens" undermines the uniformity intended by PSD2, leads to inconsistency among ASPSPs, and hinders PISPs' ability to comply with their obligations under PSD2 and the RTS.

 

Submission date
Final publishing date
Final answer

Under Article 66(4)(b) of Directive (EU) 2015/2366 (PSD2), Account Servicing Payment Service Providers (ASPSPs) are required to provide Payment Initiation Service Providers (PISPs), “immediately after receipt of the payment order” from the PISP, with all information on the initiation of the payment transaction and all information accessible to the ASPSP regarding the execution of the payment transaction.

This requirement is also set out in Article 36(1)(b) of Commission Delegated Regulation (EU) 2018/389 (the Delegated Regulation), which specifies that ASPSPs “shall, immediately after receipt of the payment order, provide [PISPs] with the same information on the initiation and execution of the payment transaction provided or made available to the payment service user when the transaction is initiated directly by the latter”.

As clarified in Q&A 4601, it follows from the above legal provisions that PISPs are entitled under Article 66(4)(b) PSD2 to the information on the execution status that is accessible to the ASPSP immediately after receipt of the payment order. PSD2 does not require ASPSPs to provide updates at a later stage. While ASPSPs may voluntarily provide such additional updates, they are not legally obliged to do so.

Article 35(4)(b) of the Delegated Regulation, cited by the submitter, requires that PISPs include a unique reference to the payment transaction initiated. This provision relates to the secure identification and traceability of the transaction during the communication between ASPSPs and PISPs, and does not govern the conditions under which execution status information may be accessed after the transaction has been initiated.

Accordingly, if an ASPSP chooses to provide additional execution status information to PISPs beyond what is required under PSD2, it may define the technical and security conditions for such access. This may include asking for an user token, provided such mechanisms do not obstruct access to the information that ASPSPs are legally required to provide under PSD2.

Status
Final Q&A
Answer prepared by
Answer prepared by the EBA.

Disclaimer

The Q&A refers to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.