PSD2 Regulatory Technical Standards (RTS)
Table of Contents
Chapter I – GENERAL PROVISIONS
Chapter II – SECURITY MEASURES FOR THE APPLICATION OF STRONG CUSTOMER AUTHENTICATION
Chapter III – EXEMPTIONS FROM STRONG CUSTOMER AUTHENTICATION
Chapter IV – CONFIDENTIALITY AND INTEGRITY OF THE PAYMENT SERVICE USERS' PERSONALISED SECURITY CREDENTIALS
Chapter V – COMMON AND SECURE OPEN STANDARDS OF COMMUNICATION
Chapter VI – FINAL PROVISIONS
Recitals (30)
Annexes
Recital 1
(1) Payment services offered electronically should be carried out in a secure manner, adopting technologies able to guarantee the safe authentication of the user and to reduce, to the maximum extent possible, the risk of fraud. The authentication procedure should include, in general, transaction monitoring mechanisms to detect attempts to use a payment service user's personalised security credentials that were lost, stolen, or misappropriated and should also ensure that the payment service user is the legitimate user and therefore is giving consent for the transfer of funds and access to its account information through a normal use of the personalised security credentials. Furthermore, it is necessary to specify the requirements of the strong customer authentication that should be applied each time a payer accesses its payment account online, initiates an electronic payment transaction or carries out any action through a remote channel which may imply a risk of payment fraud or other abuse, by requiring the generation of an authentication code which should be resistant against the risk of being forged in its entirety or by disclosure of any of the elements upon which the code was generated.