PSD2 Regulatory Technical Standards (RTS)
Table of Contents
Chapter I – GENERAL PROVISIONS
Chapter II – SECURITY MEASURES FOR THE APPLICATION OF STRONG CUSTOMER AUTHENTICATION
Chapter III – EXEMPTIONS FROM STRONG CUSTOMER AUTHENTICATION
Chapter IV – CONFIDENTIALITY AND INTEGRITY OF THE PAYMENT SERVICE USERS' PERSONALISED SECURITY CREDENTIALS
Chapter V – COMMON AND SECURE OPEN STANDARDS OF COMMUNICATION
Chapter VI – FINAL PROVISIONS
Recitals (30)
Annexes
Chapter II – SECURITY MEASURES FOR THE APPLICATION OF STRONG CUSTOMER AUTHENTICATION
Article 8
Requirements of devices and software linked to elements categorised as inherence
1. Payment service providers shall adopt measures to mitigate the risk that the authentication elements categorised as inherence and read by access devices and software provided to the payer are uncovered by unauthorised parties. At a minimum, the payment service providers shall ensure that those access devices and software have a very low probability of an unauthorised party being authenticated as the payer.
2. The use by the payer of those elements shall be subject to measures ensuring that those devices and the software guarantee resistance against unauthorised use of the elements through access to the devices and the software.