EBA issues final Technical Standards foreseen under PSD II
The European Banking Authority (EBA) on 23 February submitted to the Commission the final draft Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA) and common and secure communication under the Payment Services Directive (PSD II). The main changes introduced relate to: i) the common interface, with the final text maintaining the obligation for the banks to offer at least one interface for account payment services and payment initiate services; and where ‘screen scrapping’ or ‘direct access’, will no longer be allowed once the transition period under PSD II has elapsed and the RTS apply; ii) two new exemptions on SCA, one based on “transaction risk analysis” and another for payments at “unattended terminals” for transport or parking fares; iii) increased thresholds for SCA from €10 to €30 on remote payment transactions and; iv) removal of any references to ISO 27001 and other specific, technological characteristics. Separately, the EBA published an Opinion disagreeing with the Commission’s proposal to amend the draft final RTS on the separation of payment card schemes and processing entities under the Interchange Fee Regulation (IFR). The EBA regrets that the Commission’s decision is based on the assumption that all card schemes and processing entities are, or should be treated as if they were, legally and structurally separated.
Next steps: The Commission now has 3 months to endorse or propose amendments to the final PSD II RTS (by 23 May). The scrutiny period for the European Parliament and Council to endorse or reject the Commission’s decision on IFR runs until 5 March, with the possibility to be extended for another 3 months.