On December 8, 2015, the EBA published a discussion paper on strong customer authentication and secure communication under the revised Payment Services Directive (known as PSD2), which is expected to enter into force in January 2016 and apply from January 2018. Under PSD2, the EBA must deliver RTS on strong customer authentication and secure communication by January 2017. The aims of these standards are to enhance consumer protection, promote innovation and improve the security of payment services across the EU. The draft RTS, once developed in conjunction with the ECB, will set out: (i) the requirements for strong customer authentication; (ii) the exemptions from these requirements; (iii) measures that would protect security credentials of users; (iv) requirements for communications that are common and secure; and (v) security measures between the various types of providers in the payments sector. Comments are due by February 8, 2016.

The discussion paper is available at: http://www.eba.europa.eu/documents/10180/1303936/EBA-DP-2015-03+%28RTS+on+SCA+and+CSC+under+PSD2%29.pdf.