PSD 2 and EBA PSD2 entered into force on 12 January 2016 and will replace the current Payment Services Directive (in force since 2007) as of 13 January 2018. Under PSD 2, EBA has a role to develop (in close cooperation with the European Central Bank) a range of draft regulatory technical standards (RTS) specifying, amongst other, the requirements of strong customer authentication and the exceptions thereto.
Security of payments under PSD 2 PSD 2 introduces strict security requirements for the initiation and processing of electronic payments, which apply to all payment services providers (PSPs). PSPs will be bound to apply strong customer authentication when a payer initiates an electronic payment transaction. Strong customer authentication is an authentication process that validates the identity of the user of a payment service or of the payment transaction and is based upon the use of two or more elements categorized as:
- knowledge (something only the user knows, e.g. a password or a PIN);
- possession (something only the user possesses, e.g. the card or an authentication code generating device); and
- inherence (something the user is, e.g. the use of a fingerprint or voice recognition) to validate the user or the transaction.
Read the full text