Article 23 | Delegated Regulation 2018/389

Updated 05/02/2025

Metadata

In force

Version from: 12/09/2023

Amendments

Article 23 - Delegated Regulation 2018/389

Article 23

Creation and transmission of credentials

Payment service providers shall ensure that the creation of personalised security credentials is performed in a secure environment.

They shall mitigate the risks of unauthorised use of the personalised security credentials and of the authentication devices and software following their loss, theft or copying before their delivery to the payer.

Recitals

CHAPTER I - GENERAL PROVISIONS (Article 1-3)

CHAPTER II - SECURITY MEASURES FOR THE APPLICATION OF STRONG CUSTOMER AUTHENTICATION (Article 4-9)

CHAPTER III - EXEMPTIONS FROM STRONG CUSTOMER AUTHENTICATION (Article 10-21)

CHAPTER IV - CONFIDENTIALITY AND INTEGRITY OF THE PAYMENT SERVICE USERS' PERSONALISED SECURITY CREDENTIALS (Article 22-27)Article 22 - General requirements Q&A Article 23 - Creation and transmission of credentials Article 24 - Association with the payment service user Q&A Article 25 - Delivery of credentials, authentication devices and software Article 26 - Renewal of personalised security credentials Article 27 - Destruction, deactivation and revocation

CHAPTER V - COMMON AND SECURE OPEN STANDARDS OF COMMUNICATION (Article 28-36)

CHAPTER VI - FINAL PROVISIONS (Article 37-38)

ANNEX

Metadata

Related documents

Article 23 - Delegated Regulation 2018/389

Table of contents