Easy and unsafe? That was the first thing that came to mind when I read the following tweet from EU Finance about the security requirements of PSD2:

Payments: @EU_Commission adopted an amendment to the #PSD2 #SCA RTS to reduce frictions for customers.

The 90-day exemption for account access will be increased to 180 days.

The act will now be sent to @Europarl_EN and @EUCouncil for their scrutiny. #MyMoneyEU

— EU Finance 🇪🇺 (@EU_Finance) August 17, 2022

Unfortunately, there was no reference to a Commission source or to the amended requirements. So there is not yet a possibility to look at the complete revision of the RTS.

It probably refers to the consultation on the amendment of the rules (Regulatory Technical Standards, ‘RTS’) on ‘SCA’ (strong customer authentication) and ‘CSC’ (secure communication), which the European Banking Authority (EBA) was working on in the autumn of 2021 and the spring of 2022.

More information:

EBA:

• EBA replies to European Commission’s call for advice on the review of the Payment Services Directive, 23 June 2022.
• EBA publishes final Report on the amendment of its technical standards on the exemption to strong customer authentication for account access, 5 April 2022.
• Final report, 5 April 2022.
• Consultation on amending RTS on SCA and CSC under PSD2 (EBA/CP/2021/32), 28 October 2021.

European Commission:

The Commission in 2021 held a tender on PSD2 (see also this), title: Study on the Application and Impact of Directive (EU) 2015/2366 on Payment Services (PSD2), description:

To make sure that PSD2 (and its possible amendments) are fit for purpose. The set of rules regarding payments should address the challenges posed by the ongoing digitalisation, foster a competitive and innovative EU payments market with harmonised and technological-neutral conditions, and ensure a high-level of consumer protection, as well as the security and ease of payments. The revision of PSD2 is included in the Commissions “Retail Payments Strategy” of September 2020.