Confusion over the EBA’s Regulatory Technical Standards on strong customer authentication

The EU’s Second Payment Services Directive (‘PSD2’) requires merchants to put into place what it terms ‘strong customer authentication’ to help reduce payment fraud. Under PSD2 the European Banking Authority (‘EBA’) is mandated to produce, inter alia, Regulatory Technical Standards (‘RTS’) specifying the requirements on strong customer authentication and common and secure communication under PSD2, and the EBA has duly released a draft of such RTS. All of this is relevant for e-commerce retailers, as while strong customer authentication plays a role in fighting fraud, burdensome requirements when making payments could put consumers of buying goods on a retailer’s website. Chris James, a Consultant Solicitor, analyses the EBA’s draft RTS on this issue and the industry reaction so far, and what this all means for e-commerce retailers.

Digital Business Lawyer, February 2017