Search for Q&As

Enquirers can use various factors to search for a Q&A:

  • These include searching by the Q&A ID; legal reference, date submitted, technical standard / guideline, or by keyword if known.
  • Searches can be extended to more than one legal act, topic, technical standard or guidelines by making multiple selections (i.e. pressing 'Ctrl' on your keyboard, and selecting the relevant ones from the drop-down lists by left mouse-click).

Disclaimer:

Q&As refer to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Please note that the Q&As related to the supervisory benchmarking exercises have been moved to the dedicated handbook page. You can submit Q&As on this topic here.

List of Q&A's

Clarification of remote payment for dynamic linking

Is a SEPA Credit Transfer (SCT) transaction, whereby a user mobile phone interacts locally via Near Field Communication (NFC) with a merchant payment terminal to initiate the SCT transaction, whereby the user mobile phone does not communicate remotely over a mobile network for this purpose but whereby the payment terminal connects on-line to a payment system and handles the required strong customer authentication (SCA) through this on-line channel, considered an electronic remote payment transaction?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

ASPSP restricting access for TPPs who embeds the redirect

Do Account Servicing Payment Service Providers (ASPSPs) have the right to block access to payment accounts for a Third Party Provider (TPP) who embeds the ASPSP-provided redirection website in order to provide the Payment Service User (PSU) with a TPP-provided user interface?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Payment Initiation Service - Batch payment / bulk payment

Can you apply the PSD2 non-discrimination principle to batch/bulk payment?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Application of the exemption under Article 10 RTS and EBICS T

Can an Account Servicing Payment Service Provider (ASPSP) consider that it is not applying the Article 10 Exemption under the Commission Delegated Regulation (EU) 2018/389 “at all” where it permits its Payment Services Users (PSUs) to access balances and transactions information through another direct interface (such as Electronic Banking Internet Communication Standard (EBICS) T) with no systematic or daily strong customer authentication (SCA)?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Re-engineering by TPP of the ASPSP’s redirect API and PSU customer journey

May a Payment Initiation Services Provider (PISP) connect to the dedicated interface of the ASPSP, only to subsequently embed (“screen scrape”) the redirection approach into their own environment, without redirecting the PSU to the ASPSP’s mobile banking app, for authentication?  Are Third-Party Providers (TPPs) allowed to re-engineer the customer journey designed by the ASPSP to the effect that authentication of the PSU will take place in the TPP domain?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

SCA requirements with dynamic linking for mobile initiated credit transfers (MSCTs)

Can mobile initiated credit transfers (MSCT) solutions whereby a proximity technology (e.g. NFC, QR-code, BLE, etc.) is used for the exchange of payer identification data between the payer’s mobile device and the payee’s payment terminal but a mobile network is used (e.g. by a dedicated app) on the payer’s mobile device for the payer authentication, be considered as a proximity payment whereby strong customer authentication (SCA) may apply without requiring dynamic linking?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Individual's name to return in AISP/PISP calls

Is the name returned in an Account Information Service Provider (AISP) / Payment Initiation Service Provider (PISP) call expected to be that of the Payment Service User (PSU) who has initiated the transaction with the Third Party Provide (TPP), or of the actual account owner/holder?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Acquisition and money remittance payment service

Can a payment institution (PI) which provides a payment service of acquiring of payment transactions for its users can provide this service without holding payment account.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Money Remittance

Where an entity accepts payment on behalf of a payee (such as a debt collector and the debt due to the payee is extinguished upon receipt of payment by the debt collector), is it correct to say that this does not constitute Money Remittance? (i.e. there is no need to rely on the commercial agency exemption since there is no payment service being provided). In addition, if there is no Money Remittance in this situation, can the same be said if the entity receives money into one account then pays these monies to a second account in its name,before transferring the money to the relevant payee? If this is Money Remittance, can the commercial agency exemption be relied on where an entity receives monies but then transfers them to another account held by it before then transferring to the relevant payee?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Access to account for FinTech Solutions that incorporate regulated services

Do FinTech companies offer payment accounts by their use of regulated services as part of their offering and are they therefore required to provide access to accounts to Third Party Providers (TPPs)?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

AISPs and scope of application AML requirements

1. To what extend do AISPs need to comply with the obligations in relation to anti-money laundering and terrorist financing under Directive (EU) 2015/849 of the European Parliament? 2. Is a requirement for AISPs on the basis of national law and national supervisory practices to submit to the competent supervisor a description of the internal control mechanisms with regard to AML regulations compliant with PSD2 and EBA’s Guidelines on Guidelines on authorisation and registration under PSD2?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Mount unattended contactless device on general goods vending machines

With the limits described in Articles 11 and 16 of the Regulatory Technical Standards on strong customer authentication and secure communication under Directive 2015/2366/EU (PSD2), could a vendor mount an unattended "contactless only" device without pinpad on a general goods vending machine?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

API functionality

Does Article 64(2) of PSD2 limit the ability of Payment Initiation Service Providers (PISPs) to initiate a single payment transaction for immediate execution only?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Strong customer authentication requirement on pay-by-invoice payment transactions

Does Article 97(1)(b) PSD2 apply for pay-by-invoice when the payer's funds are covered by a credit line extended by a payment service provider?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Irrevocability of a payment order initiated by a PISP

The EBA Opinion on the implementation of the RTS on SCA and CSC (EBA-Op-2018-04) contains a Table entitled “Main requirements for dedicated interfaces and API initiatives” and Row 9 refers to the possibility of “cancelling an initiated transaction in accordance with PSD2, including recurring transactions”. Please clarify that these requirements will not apply to single payment transactions initiated by Payment Initiation Service Providers (PISPs) for immediate execution?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

Definition of an electronic remote payment transaction

What are the demarcation criteria of the term „remote payment transaction“, which is an essential term in the RTS on SCA and CSC?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Scope - Limited network exclusion

Is there a geographical limitation with regard to a limited network of service providers?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

More than one transaction from a single consumer initiated transaction

When a consumer elects to add an additional item to their purchase at the time of checkout (a cross sale) they are making two purchases from two different merchants in a single session. Is SCA required for both of these transactions? This would make the user experience very clumsy and awkward as the consumer would have to go through SCA twice in a row during a single checkout.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable

SCA for staff assisted electronic channel

Please clarify where a customer is physically present and identified in branch, the strong customer authentication (SCA) requirements if that customer completes a Standing Order instruction (Setup, Amend or Cancel) or initiates a credit transfer through a staff assisted electronic channel (i.e. tablet device)?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication

Association of personalised security credentials to the payment service user

Should strong customer authentication (SCA) elements always be issued under control of the Account service Payment Services Provider (ASPSP)?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication