On 29 June 2017, the EBA published its opinion responding to the European Commission’s intention to amend the EBA’s draft Regulatory Technical Standards (RTS) on strong customer authentication and common and secure communication. In its Opinion, while agreeing with the aims sought in the EC’s amendments, the EBA voices its disagreement with three of the four concrete amendments the Commission proposes on the basis that it would negatively impact the fine trade-off and balances previously found in the RTS.
The RTS establish:
- the requirements for strong customer authentication (SCA) to be complied with by payment service providers (PSPs),
- the exemptions from the application of SCA,
- the requirements with which security measures have to comply in order to protect the confidentiality and the integrity of the payment service users’ personalised security credentials, and
- the requirements for common and secure open standards of communication (CSC) between account servicing payment service providers (ASPSPs), payment initiation service providers (PISPs), account information service providers (AISPs), payers, payees and other PSPs.