EU Legislation on Strong Customer Authentication Published

A&O Shearman

Shearman & Sterling LLP

A Commission Delegated Regulation has been published in the Official Journal of the European Union. The Delegated Regulation supplements the revised Payment Services Directive with Regulatory Technical Standards for strong customer authentication and common and secure open standards of communication.

PSD2 requires that strong customer authentication is used for accessing a payment account online, initiating a payment transaction and carrying out a transaction through a remote channel. “Strong customer authentication” means an authentication based on the use of two or more elements categorized as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is) that are independent, in that the breach of one does not compromise the reliability of the others, and is designed in such a way as to protect the confidentiality of the authentication data.

The RTS set out the requirements on Payment Service Providers to apply the strong customer authentication procedure under PSD2 and also provide detail on the exemptions from the requirements. The RTS also contain provisions to protect the confidentiality and integrity of the personalized security credentials of Payment Services Users, including requirements for masking and encryption of personalized security credentials and secure delivery of credentials, authentication devices and software to the PSU. Finally, the RTS establish common and secure open standards for communications between account servicing PSPs, Payment Initiation Service Providers, Account Information Service Providers, payers, payees and other PSPs in relation to the provision and use of payment services under PSD2.

The Delegated Regulation enters into force on March 14, 2018 and will apply directly across the EU partly from March 14, 2019 and mainly from September 14, 2019.

View the Commission Delegated Regulation ((EU) No 2018/389).

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© A&O Shearman | Attorney Advertising
