EBA Offers Regulatory Technical Standards for Implementing Strong Customer Authentication

01.03.2017 07:30 am


The European Banking Authority (EBA) has today released its final draft Regulatory Technical Standards (RTS) for implementing Strong Customer Authentication (SCA), mandated under the revised Payment Services Directive (PSD2). At the heart of these changes to RTS is the fact that, through PSD2, European lawmakers have decided to allow non-bank competitors to access the payment accounts of banks’ customers, for the purpose of retrieving account information and/or to initiate a payment transaction.

Key Changes to the Regulatory Technical Standards (RTS) that will implement SCA:

1. Technology-neutrality of the RTS
One of the main criticisms of the previous RTS was that it was very high level in some areas but very detailed in others, and in particular that it made reference to particular technologies in some cases. The new draft of the RTS attempts to address these concerns by adopting a more technology-neutral stance.

2. Exemptions to Secure Customer Authentication
The new RTS introduces two key new exemptions, one based on 'transaction risk analysis' and one for so-called 'unattended terminals' for transport or parking fares. However, the exemption for transaction risk analysis can only be used where the payment services provider has an overall fraud rate lower than the reference fraud rate mandated in the RTS. This will allow payment services providers a lot more flexibility, but only where they can show that the level of fraud is being kept at an acceptable level. The threshold for applying SCA to remote transactions will increase from €10 to €30. There will be no exemption for corporate payments.

3. Banks can provide a dedicated interface
The EBA has confirmed that the practice of 'screen scraping', which automates the copying of data from a website, will be banned under PSD2 after the end of the transition period. However, banks will have to provide the same level of availability and performance as the interface offered to, and used by, their own customers.

'A pragmatic olive branch'

Commenting on the changes, John Salmon, Partner at Hogan Lovells, said: “The changes provide a pragmatic olive branch, reflecting the fact that the EBA is wrestling with an incredibly difficult task that pitted it against competing objectives under PSD2.

“One of the biggest complaints about the legislation has been it is so clunky, particularly around two-factor authentication. Fintechs, banks and online merchants should welcome the extra flexibility, particularly around the new 'transaction risk analysis' exemption. However, they are going to have to ensure that level of fraud is kept under control so that they can meet the reference level. They should also get behind the desire for technological neutrality and having principle-based regulation, as this will help foster innovation. The same goes for the new clarity around interfaces – the banks will be happy they'll be able to choose the type of interface they use, while Third Party Payment Providers will take comfort from the fact that they shouldn’t lose out through using these systems and they will have to be just as good as the systems offered direct to customers.”
