Wolf Theiss
Home / Knowledge / 

PSD2: EBA CONSULTS ON STRONG CUSTOMER AUTHENTICATION AND COMMON AND SECURE COMMUNICATION

On 12 August 2016 the European Banking Authority (EBA) published a Consultation Paper on draft regulatory technical standards on strong customer authentication and common and secure communication under the revised Payment Services Directive (EU) 2015/2366 (PSD2).

Read more

PSD 2 and EBA

 

PSD2 entered into force on 12 January 2016 and will replace the current Payment Services Directive (in force since 2007) as of 13 January 2018.

Under PSD 2, EBA has a role to develop (in close cooperation with the European Central Bank) a range of draft regulatory technical standards (RTS) specifying, amongst other, the requirements of strong customer authentication and the exceptions thereto.


Security of payments under PSD 2

 

PSD 2 introduces strict security requirements for the initiation and processing of electronic payments, which apply to all payment services providers (PSPs).

PSPs will be bound to apply strong customer authentication when a payer initiates an electronic payment transaction. Strong customer authentication is an authentication process that validates the identity of the user of a payment service or of the payment transaction and is based upon the use of two or more elements categorized as:

  • knowledge (something only the user knows, e.g. a password or a PIN);
  • possession (something only the user possesses, e.g. the card or an authentication code generating device); and
  • inherence (something the user is, e.g. the use of a fingerprint or voice recognition) to validate the user or the transaction.

Certain requirements for the protection of online payments have already been implemented through the EBA's Guidelines on the Security of Internet Payments, which was issued on 19 December 2014 and came into force on 1 August 2015.

 

Consultation process and deadline

 

The Consultation Paper may be found on EBA's website at https://www.eba.europa.eu/-/eba-consults-on-strong-customer-authentication-and-secure-communications-underpsd2.

According to EBA's press release, the deadline for the submission of comments is 12 October 2016 (no attachments can be submitted). A public hearing will take place at the EBA premises on Friday 23 September 2016, from 14.00 to 17.00 UK time.

 

 

For further information please contact

Bryan W.
Jardine
Partner
Romania
Claudia
Chiper
Counsel
Romania

Find a Lawyer

Top