(PSD2) Regulatory Technical Standards

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2018.069.01.0023.01.ENG&toc=OJ:L:2018:069:TOC

Regulatory Extract Headings

(I) GENERAL PROVISIONS

Article 1: Subject matter

Article 2: General authentication requirements

Article 3: Review of the security measures

(II) SECURITY MEASURES FOR THE APPLICATION OF STRONG CUSTOMER AUTHENTICATION

Article 4: Authentication code

Article 5: Dynamic linking

Article 6: Requirements of the elements categorised as knowledge

Article 7: Requirements of the elements categorised as possession

Article 8: Requirements of devices and software linked to elements categorised as inherence

Article 9: Independence of the elements

(III) EXEMPTIONS FROM STRONG CUSTOMER AUTHENTICATION

Article 10: Payment account information

Article 11: Contactless payments at point of sale

Article 12: Unattended terminals for transport fares and parking fees

Article 13: Trusted beneficiaries

Article 14: Recurring transactions

Article 15: Credit transfers between accounts held by the same natural or legal person

Article 16: Low-value transactions

Article 17: Secure corporate payment processes and protocols

Article 18: Transaction risk analysis

Article 19: Calculation of fraud rates

Article 20: Cessation of exemptions based on transaction risk analysis

Article 21: Monitoring

(IV) CONFIDENTIALITY AND INTEGRITY OF THE PAYMENT SERVICE USERS’ PERSONALISED SECURITY CREDENTIALS

Article 22: General requirements

Article 23: Creation and transmission of credentials

Article 24: Association with the payment service user

Article 25: Delivery of credentials, authentication devices and software

Article 26: Renewal of personalised security credentials

Article 27: Destruction, deactivation and revocation

(V) COMMON AND SECURE OPEN STANDARDS OF COMMUNICATION

SECTION 1: GENERAL REQUIREMENTS FOR COMMUNICATION

Article 28: Requirements for identification

Article 29: Traceability

SECTION 2: SPECIFIC REQUIREMENTS FOR THE COMMON AND SECURE OPEN STANDARDS OF COMMUNICATION

Article 30: General obligations for access interfaces

Article 31: Access interface options

Article 32: Obligations for a dedicated interface

Article 33: Contingency measures for a dedicated interface

Article 34: Certificates

Article 35: Security of communication session

Article 36: Data exchanges

Article 37: Review

Article 38: Entry into force

Published by EC 27 Nov 2017.

Adopted by EU 27th Feb 2018.

DUE DATE: 27th Sept 2019.