Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Cards Payments
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Final PSD2 SCA & CSC RTS released - Initial Comments

Final draft released earlier today of PSD2 RTS on SCA and CSC. It is still a 'draft' as it could yet be amended by the European Parliament, but failing that it will be transposed to national law late 2018 or possible early the following year. Notable amendments (including those flagged earlier in the week): 

  • SCA limit raised to 30 euro. Cumulative limit 100 euro or 5 consecutive payments 
  • new exemption for 'transaction risk analysis' - up to 500 euro if the merchants PSP meets stringent fraud rates (e.g. 0.01% for remote card transactions). A sliding scale applies below these levels
  • unattended payment terminals also exempt to avoid unnecessary queues, amongst other things (think road tolls, tube, and parking meter payments)
  • Following CMA example in explicitly stating that screen scraping is no longer permitted (good)
  • AISP calls to access account information appear to have been increased from two to four per day maximum - but no max if account holder is actively requesting it (AISPs will need to think of smart ways of getting their users to actively request the data if it is to be real time). Bilateral arrangements between AISPs and banks can increase that limit if they so desire (a further incentive for bank/fintech partnerships)
  • PSPs to have same levels of availability to account that customers have via their online access
  • Corporate payments subject to same rules and exemptions as retail payments - no special cases (as requested by some industry players)
  • ISO20022 remains the standard for payment messaging under PSD2, although requirements for other security and communication standards (incl HTTPs) have been lifted to allow for technological and business model neutrality
  • Authentication procedures remain within the realm of the account provider

So thats it. Some increase in flexibility versus the consultation paper released last August. Fintechs will still find it relatively restrictive and will need to find some innovative ways of invoking the exemptions. Banks probably relatively happy I suspect. The industry can get on with implementing it now.

Initial thoughts and comments welcome.

 

7797

Channels

Cards Payments
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (1)

A Finextra member
A Finextra member 24 February, 2017, 11:18Be the first to give this comment the thumbs up 0 likes Thanks for the clear and concise summary!
Report abuse
Join the discussion
Killian Clifford

Killian Clifford

Consultant

Mobile Money Consulting

Member since

24 May 2011

Location

London

Blog posts

19

Comments

14

More from Killian

Community
See all Blogs »
Fintech 

Top 10 Mobile White-Label Wallet Solution Providers In 2019

Paul Shumsky

Paul Shumsky

Banking Regulations 

Financial sector granted life-line extension to PSD2’s Strong Customer Authentication

James Stickland

James Stickland

 

A journey towards better, richer, payment data

Saqib Sheikh

Saqib Sheikh

 

Strong Customer Authentication - a Litmus Test for Europe

Iain McDougall

Iain McDougall