Is there a requirement to segregate the Payment Initiation Service Provider (PISP) initiated payments which were executed without Strong customer authentication (SCA), by the relevant availed exemption used? Or are PISP initiated payments, only required to be presented in Bulk (Value, Volume, SCA/Non-SCA)?
We would very much appreciate if you could clarify the reporting breakdown applicable to PISP initiated payments.
According to GL 7.6 and Annex 2, Table H of the EBA GL on fraud, PIS transactions should be reported per type of channel (remote/non-remote), per type of authentication (SCA/non-SCA) and per type of payment instrument (credit transfers/other). There is no breakdown per reason for non-strong customer authentication envisaged for the PISP initiated payments.
In accordance with Guidelines 7.5 and 7.6 of the EBA Guidelines on fraud reporting under PSD2 (EBA/GL/2018/05) as amended by the EBA Guidelines EBA/GL/2020/01, payment initiation services providers (PISPs) should report the executed payment transactions and fraudulent transactions they initiated, both by volume and value, in accordance with Data Breakdown H in Annex 2. Guideline 7.6 further clarifies that PISPs “should record and report data on volumes and values with the following breakdowns: a. geographical perspective, b. payment instrument, c. payment channel, and d. authentication method”.
There is no requirement for PISPs to include a breakdown of the transactions they have initiated depending on the reason for not applying strong customer authentication.