The European Banking Authority (EBA) has published its final draft Regulatory Technical Standards (RTS) on strong customer authentication and common and secure communication, under the revised Payment Services Directive (EU) 2015/2366 (PSD2).
The RTS were developed in close cooperation with the European Central Bank (ECB) and lay the foundations for the development of an open and secure market in retail payments in the European Union. The RTS will come into force 18 months after their adoption by the European Commission. The regulatory standards specify:
- the requirements for strong authentication of payments and relative exemptions
- the requirements for the protection of the users’ security credentials
- the requirements for open, common and secure communication standards between payment service providers and with users.
The final draft of the RTS takes into account the comments received during the public consultation, which ended on October 2016. The 224 answers received emphasised the need for a better balance between security and user-friendliness of payment instruments, as well as for the standards to more easily accommodate the technological solutions developed by the market.
