Question ID
2018_4043
Legal act
Directive 2015/2366/EU (PSD2)
Topic
Strong customer authentication and common and secure communication (incl. access)
Article
98
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations
Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
Article/Paragraph
19
Type of submitter
Other
Subject matter
Calculation of fraud rates in relation to Exemption Threshold Values (ETVs)
Question

Is it acceptable to calculate the fraud rate for the application of the TRA exemption per ETV band?

Background on the question

There are contrasting views as to how the reference rate for the application of the TRA exemption should be calculated in relation to the ETVs. This creates significant confusion for PSPs and may inhibit their ability to apply the TRA exemption and provide a smooth service to consumers. One view is that to unlock the TRA exemption for low risk transactions up to EUR100, the gross fraud level for all transactions of all values must be less than 13 bps. Subsequently, to unlock the TRA exemption for low risk transactions up to EUR250 the gross fraud rate for all transactions must be less than 6bps, and so on for transactions up to EUR500. This would significantly decrease the likelihood that any PSP would be able to apply the TRA exemption to higher value transactions.

Submission date
Final publishing date
Final answer

In accordance with Article 19(1) of the Commission Delegated Regulation (EU) 2018/389, “the payment service provider shall ensure that the overall fraud rates covering both payment transactions authenticated through strong customer authentication and those executed under any of the exemptions referred to in Articles 13 to 18 are equivalent to, or lower than, the reference fraud rate for the same type of payment transaction indicated in the table set out in the Annex”. The Annex to this Delegated Regulation distinguishes between reference fraud rates for card payments and those for credit transfers. The reference fraud rates also differ depending on the exemption threshold value (ETV). Further, in accordance with Article 18(2)(b) of this Delegated Regulation, “the amount of the transaction [shall] not exceed the relevant ETV specified in the table set out in the Annex”. Accordingly, to apply the exemption under Article 18 of this Delegated Regulation to a remote electronic card-based payment transaction of a value of EUR 100 or less, the payment service provider will need to have a fraud rate for card payments of 0.13 % or less. To apply the exemption for a remote electronic card-based payment transaction with a value up to EUR 250, the payment service provider (PSP) will need to have a fraud rate for card payments of 0.06 % or less. The same principle applies to transactions of a value up to EUR 500.

The relevant fraud rate for the PSP to calculate, which is to be compared with the reference fraud rate, is not calculated per band but instead at the level of each type of transaction, referred to in the Annex of the Delegated Regulation as either “remote electronic card-based payments” or “remote electronic credit transfers”.


This means that if a payment service provider has a fraud rate of 0.10 % or less for all remote electronic card based payments (regardless of the transaction amounts), only remote electronic card based payment transactions up to EUR 100 will be able to be exempted from the obligation to apply Strong customer authentication (SCA).

Status
Final Q&A
Answer prepared by
Answer prepared by the EBA.

Disclaimer

The Q&A refers to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.