Following an agreement reached by the European Banking Authority on 16 October 2019, the Austrian Financial Markets Authority (FMA) has extended the deadline for implementing strong customer authentication (two-factor authentication) for card payments in e-commerce transactions – as required under the Austrian Payment Services Act 2018, which transposes the EU Payment Services Directive (2015/2366/EU) (PSD 2) – until 31 December 2020.

As previously indicated by the FMA and the German Federal Financial Supervisory Authority, payment service providers that wish to use this extension must:

  • submit implementation plans to the FMA on how they will ensure that strong customer authentication will be implemented by the end of 2020 at the latest; and
  • inform the FMA of the implementation process's progress.

The extension applies only to card payments in e-commerce transactions; all other types of transaction (eg, online access to payment accounts, electronic credit transfers or point of sale transactions) require full compliance with the strong customer authentication standards under the Payment Services Act and PSD 2 as of 14 September 2019.

For further information on this topic please contact Stephan Schmalzl at Schima Mayer Starlinger by telephone (+43 1 383 60) or email ([email protected]). The Schima Mayer Starlinger website can be accessed at