Shearman & Sterling LLP | FinReg | European Banking Authority Consults on Draft Standards for Payment Service Providers
Financial Regulatory Developments Focus
This links to the home page
Financial Regulatory Developments Focus
FILTERS
  • European Banking Authority Consults on Draft Standards for Payment Service Providers

    08/12/2016
    The European Banking Authority published a consultation paper on draft Regulatory Technical Standards specifying the requirements of strong customer authentication and secure communication under the revised Payment Services Directive (known as PSD2). PSD2, which will apply from January 13, 2018, requires payment service providers to apply strong customer authentication measures where the payer: (i) accesses its payment account online; (ii) initiates an electronic payment transaction; and (iii) carries out any action through a remote channel which may imply a risk of payment fraud or other abuses.  

    The proposed draft RTS supplement this requirement by outlining a framework for the protection of consumers and payment service providers. The proposed draft RTS outline requirements for: (i) strong customer authentication and exemptions from those requirements; (ii) security measures to protect the confidentiality and the integrity of the payment service users’ personalized security credentials; and (iii) common and secure open standards of communication between account servicing payment service providers, Payment Initiation Services  providers, Account Information Services providers, payers, payees and other payment service providers, including imposing an obligation on payment service providers to ensure that data on personalized security credentials are masked when displayed and are not readable in their full text during all phases of the authentication procedure.

    Responses to the consultation are due by October 12, 2016. 

    View the consultation paper.