2025_7482 SCA exception for Contactless only terminals (SoftPOS) in case of emergency

Question ID: 2025_7482
Legal act: Directive 2015/2366/EU (PSD2)
Topic: Strong customer authentication and common and secure communication (incl. access)
Article: 97
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations: Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
Article/Paragraph: Article 0 - (15)
Type of submitter: Other
Subject matter: SCA exception for Contactless only terminals (SoftPOS) in case of emergency
Question: We are in the process of developing a backup solution for our SoftPOS terminal application, intended for use during exceptional circumstances such as cyber-attacks or other disruptions to internet connectivity and acquirer systems.

As SoftPOS terminals operate exclusively with contactless transactions, and contactless transactions does not support Offline PIN, it is technically not possible to perform Strong Customer Authentication (SCA) in offline mode.

We would like to confirm whether, under these conditions, it is acceptable to process offline contactless transactions without applying SCA and follow Directive (EU) 2015/2366 article 0 (15)
Background on the question: In Denmark, as well as in several other countries, legislative efforts are underway that will require all payment solutions—including SoftPOS terminals—to support offline processing.

To comply with the upcoming regulations, we must ensure that offline processing is supported, regardless of the authentication methods available.
Submission date: 13/06/2025
Status: Question under review
Answer prepared by: Answer prepared by the EBA.

Organisation and governance

Legal and policy framework

Careers

Supervisory convergence

Direct supervision and oversight

Information for consumers

Ad hoc activities

Risk analysis

Reporting

Data

Publications

Media centre