Search for Q&As

Enquirers can use various factors to search for a Q&A:

  • These include searching by the Q&A ID; legal reference, date submitted, technical standard / guideline, or by keyword if known.
  • Searches can be extended to more than one legal act, topic, technical standard or guidelines by making multiple selections (i.e. pressing 'Ctrl' on your keyboard, and selecting the relevant ones from the drop-down lists by left mouse-click).

Disclaimer:

Q&As refer to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Please note that the Q&As related to the supervisory benchmarking exercises have been moved to the dedicated handbook page. You can submit Q&As on this topic here.

Final Q&As Q&As under review Rejected Q&As Archived Q&As All Q&As

List of Q&A's

Clarification of meanings 'transferring of funds' and 'another payment service provider’ in the context of article 10(1)(a) of PSD2

1) How to understand the meaning 'another payment service provider', specified in Article 10(1)(a) of PSD2? What is the definition of this meaning in the context of Article 10(1)(a) of PSD2? 2) How to understand the meaning ‘transferred to another payment service provider’, specified in Article 10(1)(a) of PSD2? In particular, is it possible to consider as 'transferred to another payment service provider' transferring of funds (which have been received by Payment service provider No. 1 from the payment service users or through another payment service provider for the execution of payment transactions) on payment account of the payment service provider No. 1, that is opened with Payment service provider No. 2? On what legal basis the transfer of funds must take place in order to be considered 'transferred to another payment service provider'?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2020_5502
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 06/01/2023

“Triangular ” passport

Are “triangular” passports possible under the current legal framework governing the passporting rights among the EU Member States?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2017/2055 - RTS on passporting under PSD2
  • ID: 2021_5726
  • Topic: Passporting
  • Date of submission:
  • Published as final Q&A: 06/01/2023

Ability of a creditor to change a mandate

Can a creditor introduce changes to a mandate, in accordance to Article 64(2) PSD2, by observing the same procedure as described in Article 54(1), i.e. by informing debtor that the collection of the amount due, as agreed in the mandate, will continue unless debtor indicates the contrary?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2020_5479
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 06/01/2023

Safeguarding

Are payment institutions able to simultaneously adopt different safeguarding methods with respect to funds held?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2020_5264
  • Topic: Authorisation and registration
  • Date of submission:
  • Published as final Q&A: 06/01/2023

Collection of fees for utilities or other regular services

Does a business model where the contributions (collected fees for utilities or other regular services) received from the payers are transferred to the payees (service providers) in individual transfers, without opening or maintaining accounts on behalf of neither payers nor payees (service providers), nor issuing any payment instruments to them, but the Company has contracts with the payees for accepting the transfers, constitute the provision of money remittance service as it is defined in Article 4(22) PSD2?Does a business model where the contributions (collected fees for utilities or other regular services) received from the payers are being aggregated and then transferred to the payee (service provider), without opening or maintaining accounts on behalf of neither payers nor payees (service providers), nor issuing any payment instruments to them, constitute the provision of money remittance service to the payer and acquiring of payment transactions service to the payee, as money remittance and acquiring of payment transactions are defined in Article 4(22) and (44) PSD2?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2020_5099
  • Topic: Authorisation and registration
  • Date of submission:
  • Published as final Q&A: 06/01/2023

Information on the host member State in which Third Party Providers (TPPs) provide services

If a payment institution, in the specific form present in the EBA register under PSD2, presents an EU passport, does this mean that the Third Party Provider (TPP) is authorised to operate for the services indicated in all EU countries?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2019/411 - RTS on EBA register under PSD2
  • ID: 2021_6078
  • Topic: Central register of the EBA
  • Date of submission:
  • Published as final Q&A: 14/10/2022

Change of TPP access rights for AIS consent by the PSU prior to authorisation

A clarification / harmonised guidance on the Scope of the Bank Offered Consent, as defined in the Berlin Group standard, is needed.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2021_6246
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 14/10/2022

Clarification on the protection requirements of a CustomerID when included in a payer-presented QR-code for the initiation of (instant) credit transfers at the Point of Interaction (POI)

  Are the Customer ID’s security measures (e.g., encryption, tokenisation, transport layer security) mentioned under Q&A 5476 to be always applied in any payer-presented QR code, regardless of who generates it (e.g., including a non-PSP)?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2021_6298
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 14/10/2022

Future-dated payments and recurring transactions

When it comes to recurring transactions and future-dated payments, would an implementation of the PSD2-interface that requires that the TPPs store the payment details until due date, and not until due date are they allowed to send the transactions to the ASPSP for execution, satisfy the requirements in Opinion on the implementation of the RTS on SCA and SCA (EBA-Op-2018-04) of June 13, 2018' paragraph 29, in cases where the ASPSP itself offers future-dated payments and recurring transactions in their mobile/web-bank application? If the answer to the preceding question is yes, what then is the meaning of the statement '… a PISP has the right to initiate the same transactions that the ASPSP offers to its own PSUs, such as … recurring transactions, … and future-dated payments'?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2021_6318
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 14/10/2022

API functionality

Is it allowed to use a dedicated PSD2 interface by a TPP that identifies itself with an eIDAS certificate for purposes other than those specified in Article 30(1)(b) - (c) of the RTS on strong customer authentication (SCA) and secure communication? 

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2022_6392
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 14/10/2022

Annex VI - Agentes/distributors

Please clarify whether under Directive 2015/2366, in the exchange of notifications between NCAs, Annex VI of the Commission Delegated Regulation (EU) 2017/2055 should be sent concerning each new agent/distributor or only for the first agent/distributor acting on behalf of a payment/e-money institution.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2017/2055 - RTS on passporting under PSD2
  • ID: 2022_6437
  • Topic: Passporting
  • Date of submission:
  • Published as final Q&A: 14/10/2022

Clarification of remote payment for dynamic linking

Is a SEPA Credit Transfer (SCT) transaction, whereby a user mobile phone interacts locally via Near Field Communication (NFC) with a merchant payment terminal to initiate the SCT transaction, whereby the user mobile phone does not communicate remotely over a mobile network for this purpose but whereby the payment terminal connects on-line to a payment system and handles the required strong customer authentication (SCA) through this on-line channel, considered an electronic remote payment transaction?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2020_5247
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 13/04/2022

ASPSP restricting access for TPPs who embeds the redirect

Do Account Servicing Payment Service Providers (ASPSPs) have the right to block access to payment accounts for a Third Party Provider (TPP) who embeds the ASPSP-provided redirection website in order to provide the Payment Service User (PSU) with a TPP-provided user interface?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2021_6245
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 13/04/2022

Payment Initiation Service - Batch payment / bulk payment

Can you apply the PSD2 non-discrimination principle to batch/bulk payment?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2021_6236
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 13/04/2022

Application of the exemption under Article 10 RTS and EBICS T

Can an Account Servicing Payment Service Provider (ASPSP) consider that it is not applying the Article 10 Exemption under the Commission Delegated Regulation (EU) 2018/389 “at all” where it permits its Payment Services Users (PSUs) to access balances and transactions information through another direct interface (such as Electronic Banking Internet Communication Standard (EBICS) T) with no systematic or daily strong customer authentication (SCA)?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2021_6235
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 13/04/2022

Re-engineering by TPP of the ASPSP’s redirect API and PSU customer journey

May a Payment Initiation Services Provider (PISP) connect to the dedicated interface of the ASPSP, only to subsequently embed (“screen scrape”) the redirection approach into their own environment, without redirecting the PSU to the ASPSP’s mobile banking app, for authentication?  Are Third-Party Providers (TPPs) allowed to re-engineer the customer journey designed by the ASPSP to the effect that authentication of the PSU will take place in the TPP domain?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2021_6044
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 13/04/2022

SCA requirements with dynamic linking for mobile initiated credit transfers (MSCTs)

Can mobile initiated credit transfers (MSCT) solutions whereby a proximity technology (e.g. NFC, QR-code, BLE, etc.) is used for the exchange of payer identification data between the payer’s mobile device and the payee’s payment terminal but a mobile network is used (e.g. by a dedicated app) on the payer’s mobile device for the payer authentication, be considered as a proximity payment whereby strong customer authentication (SCA) may apply without requiring dynamic linking?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2020_5367
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 13/04/2022

Individual's name to return in AISP/PISP calls

Is the name returned in an Account Information Service Provider (AISP) / Payment Initiation Service Provider (PISP) call expected to be that of the Payment Service User (PSU) who has initiated the transaction with the Third Party Provide (TPP), or of the actual account owner/holder?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2020_5165
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 18/03/2022

Acquisition and money remittance payment service

Can a payment institution (PI) which provides a payment service of acquiring of payment transactions for its users can provide this service without holding payment account.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2020_5181
  • Topic: Authorisation and registration
  • Date of submission:
  • Published as final Q&A: 18/03/2022

Money Remittance

Where an entity accepts payment on behalf of a payee (such as a debt collector and the debt due to the payee is extinguished upon receipt of payment by the debt collector), is it correct to say that this does not constitute Money Remittance? (i.e. there is no need to rely on the commercial agency exemption since there is no payment service being provided). In addition, if there is no Money Remittance in this situation, can the same be said if the entity receives money into one account then pays these monies to a second account in its name,before transferring the money to the relevant payee? If this is Money Remittance, can the commercial agency exemption be relied on where an entity receives monies but then transfers them to another account held by it before then transferring to the relevant payee?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2020_5216
  • Topic: Authorisation and registration
  • Date of submission:
  • Published as final Q&A: 18/03/2022