The European Banking Authority (EBA) published today an Opinion on the implementation of the regulatory technical standards (RTS) on strong customer authentication (SCA) and common and secure communication (CSC), which will apply from 14 September 2019. In the Opinion, the EBA clarifies a number of issues identified by market participants and Competent Authorities (CAs) to assist in this implementation.
Market participants and CAs are seeking further clarity in a number of areas in the context of the implementation of the RTS on SCA and CSC. Given the cross-border nature of retail payments, the EBA and CAs have a shared interest in supporting the objectives of PSD2 of contributing to a single EU payments market, ensuring that these issues are addressed consistently across the EU and that the implementation period proceeds smoothly and transparently across the EU.
The Opinion is addressed to Competent Authorities to convey the EBA's views in some pressing areas identified by the market and Competent Authorities, including on the exemptions to SCAs, consent, the scope of data sharing, and requirements for Application Programming Interfaces (APIs) and dedicated interfaces to take into account. For example, the Opinion explains that the ASPSP should not check the consent of the payment service user who has contracted with an account information service provider (AISP), payment initiation service provider (PISP) or card-based payment instrument issuers (CBPII) and that it is the ASPSP that applies SCA and decides whether or not to apply an exemption.
Also, the Opinion clarifies that when determining which method(s) to use for the purpose of carrying out the authentication procedure, the ASPSP needs to ensure that all methods of strong customer authentication offered to its customers can be supported when using the API.
Going forward, EBA will provide further clarification on the interpretation of the RTS on SCA and CSC through its online Interactive Single Rulebook and Q&A tools, which are to be extended to PSD2 related queries, including the associated EBA Technical Standards and Guidelines, shortly.
The EBA also launched today a consultation on draft Guidelines proposing a pragmatic and consistent approach to the four conditions to be met to benefit from an exemption from the fallback option envisaged under Article 33(6) of the RTS.
Legal basis and background
The EBA has drafted the Opinion in accordance with Article 29(1)(a) of its Founding Regulation, which mandates the Authority to play an active role in building a common Union supervisory culture and consistent supervisory practices, as well as in ensuring uniform procedures and consistent approaches throughout the Union. "
