- Question ID
-
2018_4048
- Legal act
- Directive 2015/2366/EU (PSD2)
- Topic
- Strong customer authentication and common and secure communication (incl. access)
- Article
-
97
- COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations
- Regulation (EU) 2018/389 - RTS on strong customer authentication and secure communication
- Article/Paragraph
-
Art. 14
- Type of submitter
-
Other
- Subject matter
-
Applicability of Strong Customer Authentication (SCA) to existing recurring payments solutions
- Question
-
Is Strong Customer Authentication (SCA) required if the series of recurring transactions was initiated before the date of application of the RTS?
- Background on the question
-
The RTS set out an exemption for recurring transactions (Article 14 RTS). In particular, SCA is not required for series of transactions with the same amount and payee. SCA is, however, required “when a payer creates, amends, or initiates for the first time, a series of recurring transactions”.
The RTS do not clarify how this exemption will apply to existing recurring payments solutions once the RTS become applicable. In particular, the RTS do not clarify whether SCA is required for the first recurring transaction carried out after the date of RTS application if the series of recurring transactions was initiated before the date of RTS application.
We believe that a sensible approach would be that recurring payments solutions already in place on the day of RTS application (e.g. existing subscription arrangements) will not require SCA. This is because it is unpractical and technically very difficult to perform SCA for subsequent transactions, as the cardholder is not ‘on-session’. In addition, these transactions have proven to be low-risk.
- Submission date
- Final publishing date
-
- Final answer
-
In accordance with Article 14(1) of the Commission Delegated Regulation (EU) 2018/389, payment service providers shall apply strong customer authentication (SCA) when a payer creates, amends, or initiates for the first time, a series of recurring transactions with the same amount and with the same payee.
Accordingly, for a series of recurring transactions created before the application of the Delegated Regulation, SCA should be required only when there is an amendment to these recurring transactions.
- Status
-
Final Q&A
- Answer prepared by
-
Answer prepared by the EBA.
Disclaimer
The Q&A refers to the provisions in force on the day of their publication. The EBA does not systematically review published Q&As following the amendment of legislative acts. Users of the Q&A tool should therefore check the date of publication of the Q&A and whether the provisions referred to in the answer remain the same.