English EN

All Tools

Updated 16/09/2024

Metadata

In force since 14/03/2018

Version from: 12/09/2023

References (4)

EBA webpage on this legal act

eba.europa.eu/legacy/regulation-and-policy/regulatory-activities/payment-services-and-electronic-money-0

Timeline

23/08/2023

Amendment: Delegated Regulation 2023/1650 published in OJ

05/12/2022

Amendment: Delegated Regulation 2022/2360 published in OJ

05/04/2022

EBA/RTS/2022/03

Final Draft published

28/10/2021

Consultation published

13/03/2018

Delegated Regulation 2018/389 published in OJ

23/02/2017

EBA/RTS/2017/02

Final Draft published

12/08/2016

Consultation published

Search within this legal act

Synchronised with EUR-Lex on 16/09/2024

PSD2 Tool Delegated Regulation 2018/389

Delegated Regulation 2018/389

Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication (Text with EEA relevance)

CHAPTER I - GENERAL PROVISIONS (Article 1-3)Article 1 - Subject matter Q&A Article 2 - General authentication requirements Q&A Article 3 - Review of the security measures Q&A

CHAPTER II - SECURITY MEASURES FOR THE APPLICATION OF STRONG CUSTOMER AUTHENTICATION (Article 4-9)Article 4 - Authentication code Q&A Article 5 - Dynamic linking Q&A Article 6 - Requirements of the elements categorised as knowledge Q&A Article 7 - Requirements of the elements categorised as possession Q&A Article 8 - Requirements of devices and software linked to elements categorised as inherence Q&A Article 9 - Independence of the elements Q&A

CHAPTER III - EXEMPTIONS FROM STRONG CUSTOMER AUTHENTICATION (Article 10-21)Article 10 - Access to the payment account information directly with the account servicing payment service provider Q&A Article 10a - Access to the payment account information through an account information service provider Q&A Article 11 - Contactless payments at point of sale Q&A Article 12 - Unattended terminals for transport fares and parking fees Q&A Article 13 - Trusted beneficiaries Q&A Article 14 - Recurring transactions Q&A Article 15 - Credit transfers between accounts held by the same natural or legal person Q&A Article 16 - Low-value transactions Q&A Article 17 - Secure corporate payment processes and protocols Q&A Article 18 - Transaction risk analysis Q&A Article 19 - Calculation of fraud rates Q&A Article 20 - Cessation of exemptions based on transaction risk analysis Q&A Article 21 - Monitoring

CHAPTER IV - CONFIDENTIALITY AND INTEGRITY OF THE PAYMENT SERVICE USERS' PERSONALISED SECURITY CREDENTIALS (Article 22-27)Article 22 - General requirements Q&A Article 23 - Creation and transmission of credentials Article 24 - Association with the payment service user Q&A Article 25 - Delivery of credentials, authentication devices and software Article 26 - Renewal of personalised security credentials Article 27 - Destruction, deactivation and revocation

CHAPTER V - COMMON AND SECURE OPEN STANDARDS OF COMMUNICATION (Article 28-36)

Section 1 - General requirements for communication (Article 28-29)Article 28 - Requirements for identification Article 29 - Traceability

Section 2 - Specific requirements for the common and secure open standards of communication (Article 30-36)Article 30 - General obligations for access interfaces Q&A Article 31 - Access interface options Q&A Article 32 - Obligations for a dedicated interface Q&A Article 33 - Contingency measures for a dedicated interface Q&AGL Article 34 - Certificates Q&A Article 35 - Security of communication session Q&A Article 36 - Data exchanges Q&A

CHAPTER VI - FINAL PROVISIONS (Article 37-38)Article 37 - Review Article 38 - Entry into force GL

contact@judict.eu

© All rights reserved. Made with

❤️

in Berlin.

About FAQ Give Feedback Privacy Notice Legal Notice

Subscribe to our newsletter

*Subscribe to our newsletter to receive updates,
offers, product information and custom content.