Discussion on RTS on strong customer authentication and secure communication under PSD2
- Discussion
- 8 FEBRUARY 2016
The European Banking Authority (EBA) published today a Discussion Paper on strong customer authentication and secure communication. The revised Payment Services Directive (PSD2) will mandate the EBA to deliver Regulatory Technical Standards on this topic by January 2017. Prior to starting the development of these requirements, the EBA is issuing a Discussion Paper, with a view to obtaining early input into the development process. Responses can be submitted until 8 February 2016.
The revised Payment Services Directive (PSD2) is expected to enter into force in January 2016 and to apply from January 2018. The Directive will confer on the EBA the development of six technical standards and five sets of guidelines. The regulatory technical standards (RTS) on strong customer authentication and secure communication, on which the EBA has issued the Discussion Paper today, are key to achieving the PSD2 objective of enhancing consumer protection, promoting innovation and improving the security of payment services across the European Union.
The RTS, which the EBA will be developing in close cooperation with the European Central Bank (ECB), will specify the requirements for strong customer authentication; exemptions from the application of these requirements; requirements to protect the user’s security credentials; requirements for common and secure open standards of communication; and security measures between the various types of providers in the payments sector.
In so doing, the EBA and ECB will have to make difficult trade-offs between competing demands and would like to hear views from market participants on where the ideal balance should lie. The EBA and ECB have also identified various issues and suggest some clarifications that would similarly benefit from stakeholder feedback.
Next steps
Responses to this Discussion Paper can be sent to the EBA until 8 February 2016, by clicking on the "send your comments" button on the website. The EBA will assess the responses received, and use them as input for the development of the draft RTS, which it will publish in summer 2016, for a consultation period of three months.
Legal basis
The Directive of the European Parliament and of the Council on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC, is expected to be published in the Official Journal in December 2015. It would then enter into force in January 2016, and would apply from January 2018.
Responses
The form is now closed.
Received responses to the EBA
- 1. Prepaid Verband Deutschland e.V.
- 2. World Wide Web Consortium (W3C)
- 3. Payments UK, FFA UK, UK Cards Association
- 4. Association of Foreign Exchange and Payment Companies
- 5. Electronic Money Association
- 6. BOURSORAMA
- 7. Swedish Bankers' Association
- 8. German Banking Industry Committee
- 9. AS Sertifitseerimiskeskus
- 10. Budget Insight
- 11. Financial Data and Technology Association
- 12. Mobile Ecosystem Forum
- 13. iProov Limited
- 14. FBF
- 15. „Swedbank“, AB
- 16. Nets A/S
- 17. CyberSource Ltd
- 18. mBank S.A.
- 19. ING Bank N.V.
- 20. European Banking Federation
- 21. British Retail Consortium
- 22. BEUC, The European Consumer Organisation
- 23. Cecabank
- 24. Portuguese Banking Community
- 25. Klarna AB
- 26. Bundesverband der electronic cash Netzbetreiber (BecN) e.V.
- 27. Borchert IT-Sicherheit UG
- 28. Token
- 29. Dutch Payments Association / Currence iDEAL B.V.
- 30. EuroCommerce
- 31. Agency for Digitisation
- 32. SOFORT GmbH
- 33. ITALIAN BANKING ASSOCIATION
- 34. Bitkom - Germany's association of digital transformation
- 35. FNTC - Fédération des Tiers de Confiance / Federation of Trusted Third Parties
- 36. Isabel Group
- 37. UniCredit
- 38. Univ. Tuebingen, Wilhelm-Schickard-Institut fuer Informatik
- 39. iSignthis
- 40. Visa Europe
- 41. Smart Payment Association (SPA)
- 42. European Association of Payment Service Providers for Merchants, EPSM
- 43. AFEPAME
- 44. Czech Banking Association
- 45. Romanian Banking Association
- 46. Austrian Federal Economic Chamber, Division Bank and Insurance
- 47. Irdeto B.V.
- 48. Interessengemeinschaft Kreditkartengeschäft (IK)
- 49. Danish Bankers Association
- 50. Cards Stakeholders Group
- 51. WebID Solutions GmbH
- 52. J. van Prooijen
- 53. Deutsche Bank
- 54. University of Applied Sciences Kaiserslautern
- 55. AIS European players: Bankin (FR), Eurobits (ES), Fdata (UK), Linxo (FR), SPIIR (DK), TINK (SE), Fintonik (ES), Ocu (ES), FIGO (DE), FranceFintech (FR)
- 56. Bundesverband der Zahlungsinstitute - Federal Association of Payment Institutions
- 57. Mazars
- 58. Bank of Cyprus
- 59. European Payments Council (EPC)
- 60. EUROPEAN CARD PAYMENT ASSOCIATION (ECPA)
- 61. ESBG
- 62. Fast IDentity Online (FIDO) Alliance
- 63. SLIMPAY
- 64. PaySquare SE
- 65. Nordea Bank AB (publ)
- 66. Icon Solutions Ltd
- 67. CARTES BANCAIRES CB
- 68. Giesecke & Devrient, München
- 69. Crédit Agricole S.A.
- 70. SOCIETE GENERALE
- 71. European Payment Institutions Federation (EPIF)
- 72. European Association of Co-operative Banks
- 73. WORLDLINE
- 74. DECO - Portuguese Association For Consumer Protection
- 75. VocaLink Ltd
- 76. Association of Latvian Commercial Banks
- 77. CA Technologies
- 78. Paypal
- 79. The Royal Bank of Scotland plc
- 80. SWIFT
- 81. CM Telecom
Documents
Discussion paper
(292.64 KB - PDF) Last update 8 December 2015
BSG response to Consultation Paper (EBA-DP-2015-03) - 08 February 2016
(135.49 KB - PDF) Last update 9 March 2016