PSD2 Regulatory Technical Standards (RTS)
Table of Contents
Chapter I – GENERAL PROVISIONS
Chapter II – SECURITY MEASURES FOR THE APPLICATION OF STRONG CUSTOMER AUTHENTICATION
Chapter III – EXEMPTIONS FROM STRONG CUSTOMER AUTHENTICATION
Chapter IV – CONFIDENTIALITY AND INTEGRITY OF THE PAYMENT SERVICE USERS' PERSONALISED SECURITY CREDENTIALS
Chapter V – COMMON AND SECURE OPEN STANDARDS OF COMMUNICATION
Chapter VI – FINAL PROVISIONS
Recitals (30)
Annexes
Recital 10
(10) Actions which imply access to the balance and the recent transactions of a payment account without disclosure of sensitive payment data, recurring payments to the same payees which have been previously set up or confirmed by the payer through the use of strong customer authentication, and payments to and from the same natural or legal person with accounts with the same payment service provider, pose a low level of risk, thus allowing payment service providers not to apply strong customer authentication. This leaves aside that in accordance with Articles 65, 66 and 67 Payment Services Directive (PSD2), payment initiation service providers, payment service providers issuing card-based payment instruments and account information service providers should only seek and obtain the necessary and essential information from the account servicing payment service provider for the provision of a given payment service with the consent of the payment service user. Such consent can be given individually for each request of information or for each payment to be initiated or, for account information service providers, as a mandate for designated payment accounts and associated payment transactions as established in the contractual agreement with the payment service user.