Payments / PSD2: Strong Customer Authentication – A Political Football?

The recast Payment Services Directive or “PSD2” seeks to improve the security around the authentication of payments by means of Strong Customer Authentication (SCA). Unfortunately, this has become a political football passing between the European Banking Authority (the EBA) and the European Commission.

The EBA’s Opinion issued on 29 June objects to amendments that the Commission intends to make to the EBA’s final draft Regulatory Technical Standards on SCA and Common and Secure Communication (the RTS). This back and forth between the EBA and the Commission is unusual, though it is part of a trend that has seen the EBA become more assertive. We have summarised the background and current situation in a briefing note.

While the implementation date of 13 January 2018 for PSD2 is fast approaching, the expected date for the RTS to take effect is slipping further away: the earliest date for implementation of the RTS is now Q1 2019. The current uncertainty is not helping the sector to prepare properly for the forthcoming Big Bang in the payments industry.

In this respect, the EBA published Guidelines last week on the information to be provided by firms seeking authorisation under PSD2, and the UK Government is expected to lay national implementing regulations before Parliament this week prior to the summer recess.

Richard Powell is a professional support lawyer within Baker McKenzie's global financial services group where he is responsible for supporting the group's legal and technical knowledge.