Question ID:
2019_5041
Legal Act:
Directive 2015/2366/EU (PSD2)
Topic:
Fraud reporting
Article:
96
Paragraph:
6
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations:
EBA/GL/2018/05 - EBA Guidelines on fraud reporting under PSD2 (amended by EBA/GL/2020/01)
Article/Paragraph:
Guideline 7.6
Disclose name of institution / entity:
No
Type of submitter:
Competent authority
Subject Matter:
Reporting of PISP initiated payments
Question:

Is there a requirement to segregate the Payment Initiation Service Provider (PISP) initiated payments which were executed without Strong customer authentication (SCA), by the relevant availed exemption used? Or are PISP initiated payments, only required to be presented in Bulk (Value, Volume, SCA/Non-SCA)?

Background on the question:

We would very much appreciate if you could clarify the reporting breakdown applicable to PISP initiated payments.

According to GL 7.6 and Annex 2, Table H of the EBA GL on fraud, PIS transactions should be reported per type of channel (remote/non-remote), per type of authentication (SCA/non-SCA) and per type of payment instrument (credit transfers/other). There is no breakdown per reason for non-strong customer authentication envisaged for the PISP initiated payments.

Date of submission:
12/12/2019
Published as Final Q&A:
24/07/2020
EBA Answer:

In accordance with Guidelines 7.5 and 7.6 of the EBA Guidelines on fraud reporting under PSD2 (EBA/GL/2018/05) as amended by the EBA Guidelines EBA/GL/2020/01, payment initiation services providers (PISPs) should report the executed payment transactions and fraudulent transactions they initiated, both by volume and value, in accordance with Data Breakdown H in Annex 2. Guideline 7.6 further clarifies that PISPs “should record and report data on volumes and values with the following breakdowns: a. geographical perspective, b. payment instrument, c. payment channel, and d. authentication method”.

There is no requirement for PISPs to include a breakdown of the transactions they have initiated depending on the reason for not applying strong customer authentication.

Status:
Final Q&A
Answer prepared by:
Answer prepared by the EBA.
Image CAPTCHA