Easy and unsafe? That was the first thing that came to mind when I read the following tweet from EU Finance about the security requirements of PSD2:
The 90-day exemption for account access will be increased to 180 days.
— EU Finance 🇪🇺 (@EU_Finance) August 17, 2022
Unfortunately, there was no reference to a Commission source or to the amended requirements. So there is not yet a possibility to look at the complete revision of the RTS.
It probably refers to the consultation on the amendment of the rules (Regulatory Technical Standards, ‘RTS’) on ‘SCA’ (strong customer authentication) and ‘CSC’ (secure communication), which the European Banking Authority (EBA) was working on in the autumn of 2021 and the spring of 2022.
- EBA replies to European Commission’s call for advice on the review of the Payment Services Directive, 23 June 2022.
- EBA publishes final Report on the amendment of its technical standards on the exemption to strong customer authentication for account access, 5 April 2022.
- Final report, 5 April 2022.
- Consultation on amending RTS on SCA and CSC under PSD2 (EBA/CP/2021/32), 28 October 2021.
To make sure that PSD2 (and its possible amendments) are fit for purpose. The set of rules regarding payments should address the challenges posed by the ongoing digitalisation, foster a competitive and innovative EU payments market with harmonised and technological-neutral conditions, and ensure a high-level of consumer protection, as well as the security and ease of payments. The revision of PSD2 is included in the Commissions “Retail Payments Strategy” of September 2020.