The European Banking Authority is consulting on draft Regulatory Technical Standards to amend the existing RTS on strong customer authentication and common and secure open standards of communication under the EU Payment Services Directive (known as PSD2). Responses to the consultation may be submitted until November 25, 2021.

PSD2 requires payment service providers to apply SCA each time a customer accesses their payment account online. The existing RTS govern the process by which payment service providers authenticate the identity of customers and provide exemptions to the SCA requirements. One of the exemptions is available, on a voluntary basis, when a customer accesses limited payment account information, provided that SCA is applied for the first access and at least every 90 days subsequently. The EBA is proposing to make the exemption mandatory for PSPs where the account information is accessed through an account information service provider, subject to certain conditions being met to ensure the safety of the user's data. The exemption would remain voluntary when a user directly accesses the account information.

[View source.]