PSD2 Regulatory Technical Standards (RTS)
Table of Contents
Chapter I — GENERAL PROVISIONS
Chapter II — SECURITY MEASURES FOR THE APPLICATION OF STRONG CUSTOMER AUTHENTICATION
Art. 4 — Authentication codeArt. 5 — Dynamic linkingArt. 6 — Requirements of the elements categorised as knowledgeArt. 7 — Requirements of the elements categorised as possessionArt. 8 — Requirements of devices and software linked to elements categorised as inherenceArt. 9 — Independence of the elements
Chapter III — EXEMPTIONS FROM STRONG CUSTOMER AUTHENTICATION
Art. 10 — Access to the payment account information directly with the account servicing payment service providerArt. 10a — Access to the payment account information through an account information service providerArt. 11 — Contactless payments at point of saleArt. 12 — Unattended terminals for transport fares and parking feesArt. 13 — Trusted beneficiariesArt. 14 — Recurring transactionsArt. 15 — Credit transfers between accounts held by the same natural or legal personArt. 16 — Low-value transactionsArt. 17 — Secure corporate payment processes and protocolsArt. 18 — Transaction risk analysisArt. 19 — Calculation of fraud ratesArt. 20 — Cessation of exemptions based on transaction risk analysisArt. 21 — Monitoring
Chapter IV — CONFIDENTIALITY AND INTEGRITY OF THE PAYMENT SERVICE USERS' PERSONALISED SECURITY CREDENTIALS
Art. 22 — General requirementsArt. 23 — Creation and transmission of credentialsArt. 24 — Association with the payment service userArt. 25 — Delivery of credentials, authentication devices and softwareArt. 26 — Renewal of personalised security credentialsArt. 27 — Destruction, deactivation and revocation
Chapter V — COMMON AND SECURE OPEN STANDARDS OF COMMUNICATION
Art. 28 — Requirements for identificationArt. 29 — TraceabilityArt. 30 — General obligations for access interfacesArt. 31 — Access interface optionsArt. 32 — Obligations for a dedicated interfaceArt. 33 — Contingency measures for a dedicated interfaceArt. 34 — CertificatesArt. 35 — Security of communication sessionArt. 36 — Data exchanges