Search for Q&As

Enquirers can use various factors to search for a Q&A:

  • These include searching by the Q&A ID; legal reference, date submitted, technical standard / guideline, or by keyword if known.
  • Searches can be extended to more than one legal act, topic, technical standard or guidelines by making multiple selections (i.e. pressing 'Ctrl' on your keyboard, and selecting the relevant ones from the drop-down lists by left mouse-click).

Disclaimer:

Q&As refer to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.

Please note that the Q&As related to the supervisory benchmarking exercises have been moved to the dedicated handbook page. You can submit Q&As on this topic here.

Final Q&As Q&As under review Rejected Q&As Archived Q&As All Q&As

List of Q&A's

Application of the strong customer authentication (SCA) in case of refund

Does a refund, which is considered as an electronic payment transaction, be subject to  strong customer authentication (SCA)? Does a merchant that initiates a refund request be considered as a payer? If so, does a Payment service provider (PSP), that holds the payment account of a Merchant, have to set up SCA each time his Merchant is doing a refund from its payment account?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2019_4855
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 23/04/2021

Legal requirements for the authentication procedure when SCA exemptions are applied for remote payment transactions

What are the legal requirements for the type of authentication procedure used when conditions for the application of of Strong customer authentication (SCA) exemption for remote payment transactions are fulfilled?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2020_5673
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 09/04/2021

How to use bank guarantees instead of PII

Is it acceptable to use third party (other than credit institutions) commitments that are covered by a guarantee from a credit institution as a comparable guarantee instead of professional indemnity insurance (PII)?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2017/08 - Guidelines on the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance
  • ID: 2020_5335
  • Topic: Monetary amount of the professional indemnity insurance
  • Date of submission:
  • Published as final Q&A: 09/04/2021

Card payments - acquirer

If an acquirer is not able to distinguish whether a card used for a payment is a card with an e-money function, is the acquirer required to report transactions with such cards under the EBA Guidelines on fraud reporting, and if so, under what breakdown?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: EBA/GL/2018/05 - Guidelines on fraud reporting under PSD2 (amended by EBA/GL/2020/01)
  • ID: 2019_5045
  • Topic: Fraud reporting
  • Date of submission:
  • Published as final Q&A: 09/04/2021

Chip and Signature cards and their inclusion in the remit of RTS Article 11

Is cardholder signature a strong method of authentication when transacting with card present?If so, is there a requirement to ensure that on Chip and Signature cards we step up to signature from contactless after 5 contactless /cumulative value of 150 euros?If a signature is not considered to be strong customer authentication (SCA), are chip and signature cards exempt from SCA requirements under Article 11 of the RTS on strong customer authentication and secure communication?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2018_4342
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 09/04/2021

Trusted Beneficiaries

Article 13 of the RTS on strong customer authentication (SCA) and secure communication does not seem to restrict the use of trusted beneficiaries beside the fact that the payee must be in the list of trusted beneficiaries when initiating the payment transaction. Is it correct to conclude from this that the usage of trusted beneficiaries is not further restricted and can, therefore, also be implemented as a generic beneficiary approval step prior to every initiation of a payment transaction?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2018_4338
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 09/04/2021

Type of accounts accessible through common and secure communication

Should credit lines (namely “credit cards accounts”), accessible online, be available to Account Information Service Provider (AISP), Payment Initiation Service Provider (PISP) and Card Based Payment Instrument Issuer (CBPII)?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2019_4856
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 12/03/2021

Payment accounts and reference accounts

Are payment accounts, which are coupled with a reference account, in scope of PSD2 especially Regulation (EU) 2018/389 – RTS on strong customer authentication (SCA) and secure communication (CSC)?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2018_4272
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 12/03/2021

Credit value date for payment transactions with currency conversion

As a credit entry on an account is possible only in the currency the account is maintained, does this mean that for a payment transaction the credit value date for the payee's account is no later than the business day on which the amount in the payee's account currency is credited to the payee's payment service provider's account?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2018_4150
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 12/03/2021

Sanctions list screening in the context of TPPs' services - risk management policy

Is the Account Servicing Payment Service Provider (ASPSP) obliged to recognise if a Third Party Payment Service Providers (TPP) is named on a sanctions list or even take some actions when the TPP becomes a designated entity? How the prohibition of directly or indirectly making funds or economic resources available to designated persons and entities is defined in this context?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2018_4117
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 12/03/2021

On the application of SCA when cancelling a payment transaction

Should Account Servicing Payment Service Providers (ASPSPs) apply strong customer authentication (SCA) when cancelling recurring transactions?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2018_4083
  • Topic: Other topics
  • Date of submission:
  • Published as final Q&A: 12/03/2021

On the use and storage of Personalised Security Credentials (PSC)

Do third party providers (TPPs) have the right to ask for payment service users (PSUs)' Personalised Security Credentials (PSC)?Do TPPs have the right to store PSUs' PSC ?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2018_4077
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 12/03/2021

Consumer mandate under Merchant Initiated Transactions

Terms and Conditions to outline future charges (under Merchant Initiated Transactions (MITs)) may be disclosed by the booking entity (such as online travel agent or brand/hotel group) instead of the hotel merchant. Does the consumer acknowledgement of these terms through a party other than the merchant (in this case, the hotel) meet the MIT requirement? Will the merchant in this situation continue to be the hotel, instead of the intermediary?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2019_4794
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 12/03/2021

Merchant Initiated Transactions exemption for hotel transactions

For the following scenarios, does digital acknowledgement by the consumer at time of booking that subsequent charges may be collected adequately meet the requirement for Merchant Initiated Transactions if SCA is also taken at time of booking:i. total room charges and applicable taxes disclosed to the consumer when a prepaid rate has been selected.ii. deposit amount disclosed to the consumer when the reservation requires payment of a deposit to guarantee the booked room and/or dates.iii. disclosed late cancellation or no-show fee incurred by the consumer if the consumer fails to cancel their reservation per the disclosed cancellation policy.iv. disclosed descriptions of types of charges that will be processed by the hotel merchant if incurred after payment for the stay has been settled. Examples include but are not limited to charge-to-room meals, spa treatments, retail purchases, mini-bar consumption identified by housekeeping and room damage.

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2019_4792
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 12/03/2021

Processing payments for hotel reservations

Can hotels continue to process payments for which strong customer authentication (SCA) has not been completed at the time of reservation, or for charges which do not become apparent until after the customer has departed the hotel and for which he/she may refuse to conclude a first or additional SCA?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2019_4791
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 12/03/2021

Keyed Mail Order or Telephone Order (MO-TO) transactions

In the hotel industry, if a consumer contacts the hotel directly to make a reservation, the hotel may need to manually key the payment details into their payment terminals. Does this qualify as a Mail Order or Telephone Order (MO-TO) transaction?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2019_4790
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 12/03/2021

Treatment of electronic bookings similar to Mail Order and Telephone Orders (MO-TO) transactions

Would hotel use-cases, which include reservations taken by third parties (such as online travel agents or brand/hotel group) for the merchant and subsequent transactions (such as post-booking processing of prepaid rates or deposits, processing of cancellation/no-show fees, processing of post-checkout charges) fall under the scope of Mail Order and Telephone Orders (MO-TO) transactions and are they therefore excluded from the strong customer authentication (SCA) requirements?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
  • ID: 2019_4788
  • Topic: Strong customer authentication and common and secure communication (incl. access)
  • Date of submission:
  • Published as final Q&A: 12/03/2021

Calculation of own funds required for payment institution in the Article 9 of Directive EU 2015/36 (PSD2) when "input funds" are credit transfers and "output funds" are direct debit

How to compute the “total amount of payment transactions executed” referred to in the calculation of “payment volume” for method B in the Article 9 of Directive EU 2015/36 (PSD2) when "input funds" on the payment account are credit transfers and "output funds" are direct debit?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2018_4299
  • Topic: Authorisation and registration
  • Date of submission:
  • Published as final Q&A: 12/03/2021

Calculation of own funds required for payment institution in Article 9 of Directive EU 2015/36 (PSD2) when the payment institution offers acquiring services

How to compute the “total amount of payment transactions executed” referred to in the calculation of “payment volume” for method B in the Article 9 of Directive EU 2015/36 (PSD2) when the payment institution offers acquiring services?

  • Legal act: Directive 2015/2366/EU (PSD2)
  • COM Delegated or Implementing Acts/RTS/ITS/GLs: Not applicable
  • ID: 2018_4298
  • Topic: Authorisation and registration
  • Date of submission:
  • Published as final Q&A: 12/03/2021