Finextra Research
Sign in
Sign up
  • News
    • Latest news
    • Company updates
    • Long reads
  • TV
  • Research
  • Events
    • All
    • Conferences
    • Webinars
    • Popular
  • Community
    • Community latest
    • Latest expert opinions
    • Groups
    • Search members
  • Jobs
  • APIs
Sign in
Sign up
  • News
    • Back
    • News
    • Latest news
    • Company updates
    • Long reads
  • TV
  • Research
  • Events
    • Back
    • Events
    • All
    • Conferences
    • Webinars
    • Popular
  • Community
    • Back
    • Community
    • Community latest
    • Latest expert opinions
    • Groups
    • Search members
  • Jobs
  • APIs
  • payments
  • markets
  • retail
  • wholesale
  • wealth
  • regulation
  • crime
  • crypto
  • sustainable
  • startups
  • devops
  • identity
  • security
  • cloud
  • ai

Community

  • Your feed
  • Latest expert opinions
  • Groups

Join the Community

23,770
Expert opinions
40,547
Total members
367
New members (last 30 days)
209
New opinions (last 30 days)
29,206
Total comments
Join Sign in
Follow Unfollow

Tautvydas Medziukevicius

Legal Counsel
Swiipe
Member since
14 Mar 2019
Location
Copenhagen
Followers
0
Following
0
Opinions
2
Long reads
0
Followed by John Sims, Martha Boyle and 5 others you follow

Experience

Legal Counsel
Swiipe
To Present
Show all experience

Latest opinions

Tautvydas Medziukevicius

Strong Consumer Authentication - a project for the banks?

The Second Payments Services Directive (PSD2) is opening many doors for small companies in a bank-dominated industry. With the new rules some of the competences are transferred from the banks to the hands of the consumers. Consumers have the authority, through consent, to allow smaller companies to use consumers’ bank accounts to provide unique se...

07 May 2019 Open Banking

Tautvydas Medziukevicius

'Authentication code' and the future of payment transactions at the point of sale.

The Payment Services Directive (PSD2), introduces new rules on how the payment services are going to be governed. Strong Consumer Authentication (SCA) implements new standards where (Article 97) the payer: (a) accesses its payment account online; (b) initiates an electronic payment transaction; (c) carries out any action through a remote channel w...

26 March 2019 Fintech

Latest comments

'Authentication code' and the future of payment transactions at the point of sale.

My understanding and the interpretation of the current legal framework on this matter is that there is more than one way of fulfilling SCA. What is certain from the law is that there must be two different and independent elements for the initial authentication stage. The initial authentication stage should produce an authentication code. The tricky part is how you put that authentication code in to use as it is not clear from the law. It is unclear whether the consumer must put in the authentication code himself or whether the payment initiator gets the code and lets the payment to proceed. If it is the first option, then OTP would be the only way around, once the two elements are confirmed. But if it is the second option then we can use the existing method of chip and pin and we do not need the OTP. But nevertheless, OTP could replace the pin code in the second scenario.

I believe it is the second scenario that will be applied, and thus the consumers will not need to insert the authentication code.

Yes, you are right in saying OTP can be one of the elements, but it would be the ‘possession’ element and not the ‘knowledge’ based element. A pin or multi-use passwords are knowledge-based elements because it is something you and only you know. OTP is based on the devices you have, and you will not know the one-use password if you don’t have the laptop or the phone, therefore it is a ‘possession’ based element.

If it is the first scenario, then I agree, it does not make sense to put another security layer on chip and pin type of transactions which are considered safe already.

28 Mar 2019 13:31 Read comment

PSD2 - The Final RTS: 10 Things You Need To Know

Thank you for the article, it seems very fascinating. however, my belief is that you have misinterpreted the RTS with the point 3. RTS states that PIS Providers have the right to rely on the authentication procedures provided by the ASPSP to the user and in such cases, the authentication procedure will remain fully in the sphere of competence of the ASPSP.

This part only bears the meaning that there is an extra right for the PISPs to use the SCA provided by the banks. It does not state anything about the PISPs not being to have their SCA mechanism. There would be no point of having PISPs if they would have the only way of referring to banks for initiating the payment service, doing something they were created to do.

21 Mar 2019 10:38 Read comment

3D Secure 2.0 and PSD2, live together in perfect harmony

The 3DS 1.0.2 does not necessarily satisfy the requirements for the PSD2. PSD2 requires two different elements, 3DS 1.0.2 might request two same elements, for example, two passwords, which both are something we know. Can you expand on how 3D Secure satisfies the requirements of strong consumer authentication?

21 Mar 2019 10:24 Read comment

Tautvydas writes about

  • payments
  • regulation & compliance
  • start ups

Tautvydas's opinion archive

  • 2019 (2)
ShowHide similar members

Similar members

Nazar Korshivskyi

Nazar Korshivskyi
Legal Counsel at Solid

Follow Unfollow

Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.

Please read our Privacy Policy.

Accept
Finextra

Finextra

  • About

Community

  • Rules
  • Contact the community team

News

  • Guidance
  • Contact the news desk

Sales

  • Media pack
  • Contact the sales team

Get involved

  • Finextra Live@
  • Webinars
  • Finextra TV
  • Research
  • Finextra.jobs

Events

  • Sustainable Finance Live
  • NextGen Nordics
  • EBAday
  • NextGen:AI
Join the community Register for news alerts
Apple App Store Google App Store

© Finextra Research 2025

Terms of usePrivacy PolicyCookie Centre