Article 27 | Delegated Regulation 2018/389

Updated 18/09/2024

Metadata

In force

Version from: 12/09/2023

Amendments

Article 27 - Destruction, deactivation and revocation

Article 27

Destruction, deactivation and revocation

Payment service providers shall ensure that they have effective processes in place to apply each of the following security measures:

(a)

the secure destruction, deactivation or revocation of the personalised security credentials, authentication devices and software;

(b)

where the payment service provider distributes reusable authentication devices and software, the secure re-use of a device or software is established, documented and implemented before making it available to another payment services user;

(c)

the deactivation or revocation of information related to personalised security credentials stored in the payment service provider's systems and databases and, where relevant, in public repositories.

Recitals

CHAPTER I - GENERAL PROVISIONS (Article 1-3)

CHAPTER II - SECURITY MEASURES FOR THE APPLICATION OF STRONG CUSTOMER AUTHENTICATION (Article 4-9)

CHAPTER III - EXEMPTIONS FROM STRONG CUSTOMER AUTHENTICATION (Article 10-21)

CHAPTER IV - CONFIDENTIALITY AND INTEGRITY OF THE PAYMENT SERVICE USERS' PERSONALISED SECURITY CREDENTIALS (Article 22-27)Article 22 - General requirements Q&A Article 23 - Creation and transmission of credentials Article 24 - Association with the payment service user Q&A Article 25 - Delivery of credentials, authentication devices and software Article 26 - Renewal of personalised security credentials Article 27 - Destruction, deactivation and revocation

CHAPTER V - COMMON AND SECURE OPEN STANDARDS OF COMMUNICATION (Article 28-36)

CHAPTER VI - FINAL PROVISIONS (Article 37-38)

ANNEX

Metadata

Related documents

Article 27 - Destruction, deactivation and revocation

Table of contents