EBA consults on amending SCA rules

Friday 29 October 2021 12:52 CET | News

The European Banking Authority (EBA) has launched a public consultation on the amendment of its Regulatory Technical Standards (RTS) on strong customer authentication and secure communication (SCA&CSC) under the Payment Services Directive (PSD2) with regard to 90-day exemption from SCA for account access. 

The proposed amendment aims at addressing a number of issues that the EBA has identified in the application of the exemption by some account servicing payment service providers (ASPSPs) across the EU Member States and which have resulted in a negative impact on the services offered by account information service providers (AISPs) under the PSD2. The consultation runs until 25 November 2021.

The consultation paper aims at addressing several issues that the EBA has identified in the application of this exemption, particularly in cases where ASPSPs have not made use of the exemption and request SCA for each account access, or where they request SCA more frequently than every 90-days, as allowed by the RTS.

To address the impact of these issues on AISPs’ services, the EBA is proposing to introduce a new mandatory exemption from SCA for the specific use case when the access is done through an AISP that is subject to certain safeguards and conditions aimed at ensuring the safety of the customers’ data.

For the other separate case where customers access the data directly, the EBA is proposing to retain the exemption in Article 10 to be voluntary as is currently the case, as no specific issues have been identified in such cases. However, in order to ensure a level playing field amongst all payment service providers, the EBA is also proposing to extend the 90-days timeline in Article 10 of the RTS on SCA&CSC for the renewal of SCA to the same 180-day period for the renewal of SCA when the account data is accessed through an AISP.

The amendments proposed in this consultation paper are those that the EBA is legally able to make to address the issues identified. Other mitigations to address other issues are conceivable but would require changes to the Directive itself, which is beyond the EBA’s powers.

More: Link

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: EBA, AISP, SCA, PSD2
Categories: Fraud & Financial Crime
Countries: Europe
This article is part of category

Fraud & Financial Crime