The European Commission lately held a first Scrutiny Session on the final draft of the Regulatory Technical Standards (RTS) on Strong Customer Authentication and Secure Communication (SCA) submitted for endorsement by the European Banking Authority (EBA) to the European Commission (EC) under Article 98 of the revised Payment Services Directive (PSD2) 2015/2366.
As known, PSD2 - published on December 25th 2015 and in force since January 2016 - aims, inter alia, to the “harmonisation, innovation and security with regard to payment services”.
In this frame, Article 98 of PSD2 entrusts the EBA - in cooperation with ECB - to prepare a draft of RTS on SCA.
The RTS, while providing technical solutions, should balance the possibility to provide the new services regulated by PSD2 and to refine on existing payment services, with the introduction of a regulatory framework suitable to ensure a high level of security in the use of the E-payments methods. This, for example, by implementing secured authentication of digital users.
The final draft of the RTS, submitted by the EBA on February 23rd (published at the following link), on March 27th 2017 went through a first Scrutiny Session by the EC.
The Scrutiny Session was the first step of a procedure aimed to verify whether the technical solutions provided by the RTS final draft get the above mentioned balance between right to access the digital market and SCA requirements.
While the PSD2 will become applicable on January 13th 2018, pursuant to Article Article 115(4) PSD2 “the RTS will be applicable 18 months after its entry into force”.
The time is therefore still not so few. Given the complexity of the issues at the stake, we need nonetheless to hope it will yet be enough.