Regulatory Technical Standards on strong customer authentication and secure communication under PSD2

Status: Final draft RTS/ITS adopted by the EBA and submitted to the European Commission

The proposed Regulatory Technical Standards on strong customer authentication and secure communication are key to achieving the objective of the PSD2 of enhancing consumer protection, promoting innovation and improving the security of payment services across the European Union.

Links

Single Rulebook Q&A on Regulation (EU) 2018/389 – RTS on strong customer authentication and secure communication
Discussion on RTS on strong customer authentication and secure communication under PSD2 | News item

Summary of document history

Current version Ongoing versions

Draft Regulatory Technical Standards on strong customer authentication and secure communication under PSD2

Status: In force
Application date: 03/04/2018
Compliance deadline:

Documents

Final draft RTS on SCA and CSC under PSD2 (EBA-RTS-2017-02)

(1.27 MB - PDF) Last update 6 March 2017

Download

Letter from Olivier Guersent COM replying to the EBA Letter on RTS on SCA and CSC - 13022018

(47.18 KB - PDF) Last update 16 February 2018

Download

(EBA-2017-E-1315) Letter from O Guersent, FISMA re Commission intention to amend the draft RTS on SCA and CSC -Ares(2017)2639906

(273.68 KB - PDF) Last update 26 June 2017

Download

EBA Opinion on the amended text of the RTS on SCA and CSC (EBA-Op-2017-09)

(398.04 KB - PDF) Last update 29 June 2017

Download

Opinion on the deadline for the migration to SCA for e-commerce card-based payment transactions

(541.33 KB - PDF) Last update 16 October 2019

Download

Press release

EBA paves the way for open and secure electronic payments for consumers under the PSD2

23 February 2017

The European Banking Authority (EBA) published today its final draft Regulatory Technical Standards (RTS) on strong customer authentication and common and secure communication. These RTS, which were mandated under the revised Payment Services Directive (PSD2) and developed in close cooperation with the European Central Bank (ECB), pave the way for an open and secure market in retail payments in the European Union.

EBA publishes its Opinion in response to the European Commission intention to amend the EBA Technical Standards for open and secure electronic payments under the PSD2

30 June 2017

The European Banking Authority (EBA) published today an Opinion responding to the European Commission’s (EC) intention to amend the EBA’s draft Regulatory Technical Standards (RTS) on strong customer authentication and common and secure communication. In its Opinion, while agreeing with the aims sought in the EC’s amendments, the EBA voices its disagreement with three of the four concrete amendments the Commission proposes on the basis that it would negatively impact the fine trade-off and balances previously found in the RTS.

EBA publishes an Opinion on the use of eIDAS certificates under PSD2

31 July 2019

<p>The European Banking Authority (EBA) published today an Opinion on the use of eIDAS certificates under the Regulatory Technical Standards (RTS) on Strong Customer Authentication and Common and Secure Communication (SCA&CSC). In the Opinion, the EBA clarifies specific aspects on the use of qualified certificates for electronic seals (QSealCs) and qualified certificates for website authentication (QWACs) for the purpose of identification of payment service providers (PSPs) under the RTS, the content of these certificates, and the process for their revocation.</p>

EBA publishes an Opinion on the elements of strong customer authentication under PSD2

21 June 2019

The European Banking Authority (EBA) published today an Opinion on the elements of strong customer authentication (SCA) under the revised Payment Services Directive (PSD2). The Opinion is a response to continued queries from market actors as to which authentication approaches the EBA considers to be compliant with SCA. The Opinion also addresses concerns about the preparedness and compliance of some actors in the payments chain with the SCA requirements that apply as of 14 September 2019.

EBA publishes Opinion on the deadline and process for completing the migration to strong customer authentication (SCA) for e-commerce card-based payment transactions

16 October 2019

<p>The European Banking Authority (EBA) published today an Opinion on the deadline for the migration to SCA under the revised Payment Services Directive (PSD2) for e-commerce card-based payment transactions. The Opinion sets the deadline to 31 December 2020 and prescribes the expected actions to be taken during the migration period.</p>

Press contacts

Franca Rosa Congiu

Organisation and governance

Legal and policy framework

Supervisory convergence

Direct supervision and oversight

Information for consumers

Ad hoc activities

Risk analysis

Reporting frameworks

Data

Publications

Media centre

Regulatory Technical Standards on strong customer authentication and secure communication under PSD2

Summary of document history

Draft Regulatory Technical Standards on strong customer authentication and secure communication under PSD2

Documents

Final draft RTS on SCA and CSC under PSD2 (EBA-RTS-2017-02)

Letter from Olivier Guersent COM replying to the EBA Letter on RTS on SCA and CSC - 13022018

(EBA-2017-E-1315) Letter from O Guersent, FISMA re Commission intention to amend the draft RTS on SCA and CSC -Ares(2017)2639906

EBA Opinion on the amended text of the RTS on SCA and CSC (EBA-Op-2017-09)

Opinion on the deadline for the migration to SCA for e-commerce card-based payment transactions

Links

Press contacts