EBA has published the responses to its discussion paper on developing RTS on strong customer authentication and secure communication under the revised Payment Services Directive (PSD2). EBA is due to deliver RTS on these issues by January 2017 ahead of PSD2 applying from January 2018. The RTS will specify:

  • the requirements of the strong customer authentication;
  • exemptions from the application of these requirements;
  • requirements to protect the user’s security credentials;
  • requirements for common and secure open standards of communication; and
  • security measures between the various types of providers in the payments sector.

EBA intends to publish its draft RTS, drawn up in conjunction with ECB, in summer 2016 for consultation. EBA made 81 responses available from a range of industry participants. (Source: EBA publishes responses on PSD2 customer authentication)