LexGo

PSDII: migration to SCA by 31 December 2020
25/11/2019

On 16 October 2019, the European Banking Authority (EBA) issued an Opinion concerning one of the most important features of the Payment Services Directive II (PSD II), being strong customer authentication (SCA). EBA gives card-issuing and acquiring payment services providers (PSPs) until the end of December 2020 to migrate to SCA supporting approaches and solutions. This article intends to provide some background and highlights some pinpoints to be remembered from this hodgepodge of terminology and abbreviations.

PSD II

Needless to introduce, PSD II greatly impacts the European payments market, providing the puzzle pieces that were missing under the Directive’s predecessor, PSD I. In a nutshell, PSD II (amongst other things) widens the scope of application in terms of territory and currency, narrows the scope of the exemptions and regulates two new payment services, namely payment initiation services and account information services.

Customer safety: SCA

Apart from responding to innovation, PSD II has a strong focus on customer safety. The Directive’s pre-eminent feature in this regard is SCA. SCA should increase the level of security of electronic payments and mitigate the risk of fraud. PSPs are obliged to apply SCA which allows to verify the identity of the payment service user or the validity of the use of a payment instrument. This authentication combines at least two elements of the categories knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is). Following PSD II, these elements should be independent from each other, meaning that the breach of one cannot negatively impact the reliability of the others. Moreover, the SCA cannot combine two elements that stem from the same category. Though there are exemptions, PSPs must apply the SCA each time a payer accesses its payment account online, initiates an e-payment, or carries out any action through a remote channel which may imply a risk of payment fraud or other abuse.

EBA sets deadline for SCA compliance

PSDII mandates EBA to develop regulatory technical standards (RTS) on SCA. The initial deadline for compliance with the RTS was 14 September 2019. However, due to the complexity of the payments market and the necessary changes, EBA has allowed for supervisory flexibility implying that national supervisors can be lenient towards issuing and acquiring PSPs whose authentication approaches are not yet fully compliant with SCA (link).

In its Opinion of 16 October 2019, EBA has set the date on which supervisory flexibility comes to an end. By 31 December 2020, issuing and acquiring PSPs should have migrated to SCA compliant approaches and solutions. In the Opinion, PSPs can find tables in which EBA has listed some milestones and expected actions from national supervisors towards issuing and acquiring PSPs. Through this information, PSPs receive some guidance as to what the national supervisor will pay attention to (link).

Voir aussi : Loyens & Loeff Luxembourg S.Ă  r.l.

[+ http://www.loyensloeff.com]


Click here to see the ad(s)
Tous les articles Droit financier

Derniers articles Droit financier

Comparability of Investment Funds – another Finnish referral to the Court of Justice of the Eur...
22/10/2021

Recently, an Advocate General’s opinion (the “Opinion”) on Finnish CJEU case C-342/20 (the “Case&r...

Comparability of Investment Funds – another Finnish referral to the Court of Justice of the European Union – another positive signal Read more

New rules on material IT outsourcing in the financial sector
15/10/2021

Effective 15 October 2021, financial institutions must notify the CSSF of any planned outsourcing of material IT activitie...

Read more

Payments services and e-money | New delegated regulation
15/10/2021

On 28 September 2021, the Commission Delegated Regulation (EU) 2021/1722 of 18 June 2021 (the “Regulation”), s...

Payments services and e-money | New delegated regulation Read more

Performance fees: the CSSF digitalises data collection
12/10/2021

Investment fund managers must report to the CSSF on the performance fee models used by all Luxembourg UCITS and AIFs that ...

Performance fees: the CSSF digitalises data collection Read more

LexGO Network