On 12 August 2016 the European Banking Authority (EBA) published a Consultation Paper on draft regulatory technical standards on strong customer authentication and common and secure communication under the revised Payment Services Directive (EU) 2015/2366 (PSD2).
PSD 2 AND EBA
PSD2 entered into force on 12 January 2016 and will replace the current Payment Services Directive (in force since 2007) as of 13 January 2018.
Under PSD 2, EBA has a role to develop (in close cooperation with the European Central Bank) a range of draft regulatory technical standards (RTS) specifying, amongst other, the requirements of strong customer authentication and the exceptions thereto.
SECURITY OF PAYMENTS UNDER PSD 2
PSD 2 introduces strict security requirements for the initiation and processing of electronic payments, which apply to all payment services providers (PSPs).
PSPs will be bound to apply strong customer authentication when a payer initiates an electronic payment transaction. Strong customer authentication is an authentication process that validates the identity of the user of a payment service or of the payment transaction and is based upon the use of two or more elements categorized as:
Certain requirements for the protection of online payments have already been implemented through the EBA’s Guidelines on the Security of Internet Payments, which was issued on 19 December 2014 and came into force on 1 August 2015.
Sourced through Scoop.it from: www.lexology.com