Question ID:
Legal Act:
Directive 2015/2366/EU (PSD2)
Strong customer authentication and common and secure communication (incl. access)
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations:
Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
Article 11
Disclose name of institution / entity:
Type of submitter:
Credit institution
Subject Matter:
Contactless transactions - SCA

Does the cumulative count / authorised sum amount apply to any contactless authorisation request, regardless if the request was approved or not?

Background on the question:

The context of the question is around the practical methodology for calculating whether or not for each contactless transaction the contactless exemption available cited in Article 11 of the RTS could be used. The questions is relevant as it raises an issue as to the practical and consistent application across the industry of the exemption. 

The third of the three conditions for exemption from SCA in Article is:

c) the number of consecutive contactless electronic payment transactions initiated via the payment instrument offering a contactless functionality since the last application of strong customer authentication does not exceed five.

The submitted question seeks to answer whether the authorisation decision of the previous five contactless transactions affects whether they are counted or not. I.e. does 'initiated' include all attempted transactions, or only those that were authorised and approved by the issuer?

Date of submission:
Published as Final Q&A:
EBA Answer:

Article 11 of the Commission Delegated Regulation (EU) 2018/389 refers to the counting of contactless electronic payment transactions that have been executed.  Further, Article 11(a) specifies an individual transaction limit of €50 and Article 11(b) refers to the cumulative amount of contactless electronic payment transactions that have been debited. Accordingly, when counting the number of transactions for the purpose of the alternative cumulative limit under Article 11(c), only those transactions that have been executed need to be included.

However, if a Payment Service Provider (PSP) wishes to include all authorised transactions, regardless of whether they have been executed or not, it is not prevented from so doing.

Final Q&A