Europejski Urząd Nadzoru Bankowego, Raport końcowy Europejskiego Urzędu Nadzoru Bankowego (EUNB) w sprawie aktualizacji swoich regulacyjnych standardów technicznych dotyczących silnego uwierzytelniania klienta i bezpiecznej komunikacji (RTS ws. SCA&CSC)

EBA/RTS/2022/03

5 April 2022

Final Report

Draft Regulatory Technical Standards

amending Commission Delegated Regulation (EU) 2018/389

supplementing Directive (EU) 2015/2366 of the European

Parliament and of the Council with regard to regulatory technical

standards for strong customer authentication and common and

secure open standards of communication

1. Executive Summary

Article 97 of Directive (EU) 2015/2366 on payment services in the internal market (PSD2) requires payment service providers (PSPs) to apply strong customer authentication (SCA) each time a payment service user (PSU) accesses its payment account online, directly or through an account information service provider (AISP).

By derogation from this requirement, the regulatory technical standards (RTS) on strong customer authentication and common and secure communication (RTS on SCA&CSC) allow PSPs not to apply SCA provided that (i) the access is limited only to the balance of the account and/or the recent transaction history, without...