The Commission has written to the EBA explaining why it plans to amend the draft RTS under PSD2 on customer authentication and standards of communication. The key areas of change are:
- to ensure statutory audit of the risk analysis methodology;
- a new exemption to the application of strong customer authentication for certain corporate payments which are carried out in such a way as to be considered to achieve the high levels of security PSD2 requires;
- for PSPs to report fraud directly to EBA; and
- to require full documentation and reporting to authorities of contingency measures providers put in place in case of unavailability or inadequate performance of the dedicated communication interface.
The Commission explains it has not previously had the chance to comment on the draft, and has now returned the draft to EBA including these, and other less substantive, amendments.