- Question ID
-
2019_4795
- Legal act
- Directive 2015/2366/EU (PSD2)
- Topic
- Strong customer authentication and common and secure communication (incl. access)
- Article
-
97
- COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations
- Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
- Article/Paragraph
-
1
- Type of submitter
-
Industry association
- Subject matter
-
Validity of SCA
- Question
-
If Strong customer suthentication (SCA) is required at the time of booking which is more than 90 days before the guest’s arrival, will hotels be able to process the payment at location with an expired authentication token? If not, can an SCA be renewed and who would be responsible for doing so?
- Background on the question
-
It appears from Regulation (EU) 2018/389 – RTS on strong customer authentication and secure communication, that SCA will only be valid for 90 days. In the hotel industry, it is not uncommon for a reservation to take place more than 90 days in advance of the guest’s arrival at the hotel, with reservations regularly being made more than a year in advance. With this type of payment, there is a specific time-frame foreseen in between booking a room and when the actual reservation takes place, to which the customer agrees in advance.
- Submission date
- Final publishing date
-
- Final answer
-
Article 97(1)(b) of Directive 2015/2366/EU (PSD2) prescribes that payment service providers (PSPs) shall apply strong customer authentication (SCA) where the payer initiates an electronic payment transaction.
PSD2 and the Commission Delegated Regulation (EU) 2018/389 do not specify a timeframe for the validity of an SCA applied at the time when a payer initiates an electronic payment transaction. Accordingly, PSD2 and the Delegated Regulation do not restrict the possibility for SCA to be applied more than 90 days in advance of a future-dated payment transaction.
- Status
-
Final Q&A
- Answer prepared by
-
Answer prepared by the EBA.
Disclaimer
The Q&A refers to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.