Single Rulebook Q&A

Question ID: 2018_4239
Legal act : Directive 2015/2366/EU (PSD2)
Topic : Strong customer authentication and common and secure communication (incl. access)
Article: 98
Paragraph: 1
Subparagraph: (b)
COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2018/389 – RTS on strong customer authentication and secure communication
Article/Paragraph : 17
Name of institution / submitter: Swedish Bankers’ Association
Country of incorporation / residence: Sweden
Type of submitter: Industry association
Subject matter : Applicability of exemption from strong customer authentication (SCA) under Article 17 for card payments

Is Article 17 of Regulation (EU) 2018/389 applicable for the payer’s Payment service provider (PSP) for card-based payments?

Background on the question:

This question relates to what we think is a mistake made by EBA in its opinion EBA-Op-2018-04, from which you could derive the conclusion that EBA thinks that exemption under Article 17 is not applicable for the payer’s PSP for card-based payments.

In its opinion, EBA-Op-2018-04 the EBA provides in Table 2 an overview of whether the payer’s PSP (issuer) and/or the payee’s PSP (acquirer) can decide on each of the exemptions set out under Articles 10 to 18.

In relation to Article 17 and the payee’s PSP’s ability to apply this exemption, the table says “No” for Credit transfers and “N/A” for Cards. Though we certainly agree that this exemption is only applicable for the Payer’s PSP, and not applicable for the Payee’s PSP, there should be no distinction in this between card-based payments versus credit transfers. I.e. this exemption is applicable for the payer’s PSP also for card-based payments, and the values for Article 17 in this table for the Payee’s PSP should be “No” for Cards as well as for “Credit Transfers”.

To compare with Article 15, for which there is also a “N/A” in the Cards column for the payee’s PSP: Article 15 explicitly refers to credit transfers, is therefore not applicable for card-based payments, and the “N/A” is therefore relevant. In Article 17 there is no mention of either credit transfers or card-based payments, and must therefore be applicable for both, i.e. the “N/A” is incorrect.

There are important solutions with dedicated processes and protocols between travel agencies, card issuers and their corporate customers that are based on the card infrastructure and card-based accounts, and should therefore be eligible to be exempted from SCA under Article 17.

Date of submission: 06/09/2018
Published as Final Q&A: 14/12/2018
EBA answer:

The exemption under Article 17 of the Commission Delegated Regulation (EU) 2018/389 does not specify the types of payment instrument that could be used through processes or protocols. Accordingly, these processes and protocols could use a card payment instrument.

The EBA Opinion on the implementation of the regulatory technical standards on strong customer authentication and common and secure communication, EBA-Op-2018-04, does not suggest it cannot be applied but merely that such exemption could not be used by the payee’s Payment Service Provider (PSP). 

Status: Final Q&A
Permanent link: link