On Wednesday 13 June, the European Banking Authority published an Opinion on the implementation of the Regulatory Technical Standards on Strong Customer Authentication (RTS on SCA).
The role of the RTS on SCA is to specify the Payment Service Directive 2 and define specific security measures for authentication and communication between the relevant actors. Those standards will be directly applicable in Member States from 14 September 2019 but are still subject of discussion between stakeholders and competent authorities at European and national level.
The RTS on SCA has led to numerous questions and calls for clarifications since its publication. Through its opinion, primarily directed at national competent authorities, the EBA aims at clarifying certain aspects of the standards and addressing the concerns of market participants to ensure that their questions are addressed consistently across the EU.
The Opinion provides clarifications on several key topics, included the main requirements for the dedicated interfaces and application programming interface, the application of the SCA, the different exemptions to strong authentication as well as the methods that can be used to authenticate.
The EBA also launched a consultation on draft Guidelines proposing an approach to the four conditions to be met to benefit from an exemption from the fallback option envisaged under Article 33(6) of the RTS.
Going forward, the EBA will continue to provide guidance using the EBA’s Single Rulebook question and answer (Q&A) tool, which will be extended to PSD2 by the end of June 2018.
For more information about the work of Ecommerce Europe on the RTS on SCA, please send an email to firstname.lastname@example.org.