Skip to main content
  • Areas
  • Offices
  • Team
  • Talent
Site: English

Garrigues

ELIGE TU PAÍS / ESCOLHA O SEU PAIS / CHOOSE YOUR COUNTRY / WYBIERZ SWÓJ KRAJ / 选择您的国家

Close
  • Garrigues Facebook
  • Garrigues LinkedIn
  • Garrigues Twitter
  • Youtube
Menu

Main menu

  • About Garrigues
    • About Garrigues
    • Corporate governance
    • Strategic vision
    • Professional Ethics
    • Our history
    • Awards
    • G-advisory
  • Practice Areas More

    Areas and industries

    Practice areas

    • Accounting Law
    • Administrative Law
    • Banking and Finance
    • Corporate Law and Commercial Contracts
    • Criminal Law
    • E.U. & Antitrust
    • Environmental
    • Human Capital Services
    • Intellectual Property
    • Labor and Employment Law
    • Litigation and Arbitration
    • Mergers & Acquisitions
    • Planning and Zoning
    • Real Estate
    • Restructuring and Insolvency
    • Securities Markets
    • Startups & Open innovation
    • Tax

    Industries

    • Agribusiness
    • Automotive
    • Corporate Governance and Corporate Responsibility
    • Energy
    • Family Business
    • Fashion Law
    • Financial Institutions
    • Insurance
    • Life Sciences and Healthcare
    • Private Equity
    • Real Estate
    • Smart Cities
    • Sports & Entertainment
    • Technology & Outsourcing
    • Telecommunications & Media
    • Tourism and Hotels
    • Transport & Shipping
  • Locations More

    America

    • ChileSantiago de Chile
    • ColombiaBogota
    • United StatesNew York
    • MexicoMexico City
    • PeruLima

    Africa

    • MoroccoCasablanca

    Asia

    • ChinaBeijing
    • Shanghai

    Europe

    Spain

    • A Coruña
    • Alicante
    • Barcelona
    • Bilbao
    • Las Palmas de Gran Canaria
    • Madrid
    • Malaga
    • Murcia
    • Oviedo
    • Palma de Mallorca
    • Pamplona
    • San Sebastian
    • Sta. Cruz de Tenerife
    • Seville
    • Valencia
    • Valladolid
    • Vigo
    • Zaragoza
    • BelgiumBrussels
    • United KingdomLondon
    • PolandWarsaw
    • PortugalLisbon
    • Oporto

    Desks

    • Asia-Pacific Desk
    • Brazilian Desk
    • French Desk
    • German Desk
    • Indian Desk
    • Italian Desk
    • US Desk
  • Team More
    • A
    • B
    • C
    • D
    • E
    • F
    • G
    • H
    • I
    • J
    • K
    • L
    • M
    • N
    • O
    • P
    • Q
    • R
    • S
    • T
    • U
    • V
    • W
    • X
    • Y
    • Z

    Search a lawyer

  • Commitment
    • Garrigues and society
    • Diversity and equality
    • Environment
    • Education and research
    • Garrigues Sustainable
    • Innovation
    • Integrated Report
  • Garrigues news room
    • News
    • Legislative developments
    • Garrigues Op Ed
    • Garrigues Digital
    • Specials
    • Guides
    • Blogs
    • Contacts
  • Calendar of events
  • Work with us More

    Work with us

    • Join Garrigues
    • About us
    • Brochures and videos
    • Employment forums and presentations
    • FAQ
    • Selection process
    • Send your cv

You are here

Home

Hubs

  • CleanTech
  • e-Sports
  • FashionTech
  • FinTech
  • Industry 4.0
  • MediaTech
  • Platforms

Services

  • Antitrust
  • Cybersecurity
  • Data protection & Privacy
  • e-Commerce
  • e-Identity
  • Fintech Diaries
  • Intellectual property
  • IT & Cloud Solutions
  • Labor
  • Litigation and Arbitration
  • Media
  • On-line Reputation
  • Tax
  • Our services
  • Digital team
  • Contact
  • FinTech
  • Platforms
05-21-2018

The PSD2 and Regulation RTS require strong authentication measures for online payments

Submitted by GarriguesAdmin2 on Tue, 22/05/2018 - 10:13

José Ramón Morales (partner at Corporate Law and Commercial Contracts department and Technology & Outsourcing industry).

The world of online payments in the European Union is on the brink of a massive change: stronger customer authentication measures will be required upon the entry into force of Commission Delegated Regulation (EU) 2018/389 of November 27, 2017 (“Regulation RTS”). Regulation RTS supplements Directive (EU) 2015/2366 with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication (known as “PSD2”).

The term to transpose the PSD2 into national law in the EU Member States ended on January 13, 2018 (in Spain, the preliminary bill for its transposition was approved on May 18, 2018). The objectives of the PSD2 include making payments more secure and enhancing consumer protection, as well as encouraging innovation and competition in the context of a level playing field for all operators.

In particular, in order to reduce the risk of fraud in electronic transactions and better protect customers’ information, PSD2 calls for stronger customer authentication measures based on at least two of the following three elements: knowledge, possession and inherence. The PSD2 also establishes additional requirements for remote electronic payment transactions (unique authentication code with dynamic linking, generated for each payment transaction specific to the amount and the payee).

In contrast to the other provisions of the PSD2, the regulations on stronger customer authentication were deferred until the related regulatory technical standards were prepared and published, which has now been completed with the publication of Regulation RTS. Its general application will commence on September 14, 2019, except for certain obligations applicable to payment services operators accounts managers, which will come into force before this date. Since it is a regulation, it is directly compulsory in all Member States as from that date without the need for internal laws.

These compulsory requirements have raised concern not only among payment service providers, but also with e-commerce operators themselves. These operators, who receive electronic payments, fear that especially cumbersome security measures will affect usability and user experience in online transactions, leading to a sizeable drop in customers who use this form of payment. 

In upcoming posts we will look at the requirements that Regulation RTS establishes for strong customer authentication: classified as “knowledge” (something only the user knows), possession (something only the user possess), and devices and software that read elements classified as “inherence” (something the user is). We will also explore which transactions it affects and the various exemptions to application of strong authentication measures, according to risk, value or specific protocols to which they are subject. In particular, we will focus on unique authentication code requirements and their potential bearing on online payment transactions. 

Services:

e-Identity, e-Commerce

Share

  • Share in Facebook, Open in new window
  • Share in Twitter, Open in new window
  • Share in LinkedIn, Open in new window

Share

  • Share in Facebook, Open in new window
  • Share in Twitter, Open in new window
  • Share in LinkedIn, Open in new window

Related news

Garrigues collaborates with Foundation29 specialized in artificial intelligence applied to health
e-Identity
Platforms
+1
Data protection & Privacy
From blockchain to cybersecurity: six code sets in the royal decree law increasing the government’s powers to control the internet
Cybersecurity
FinTech
Industry 4.0
+2
Data protection & Privacy
e-Identity
  • Follow us
  • Follow us
  • Follow us
  • Follow us
  • About Garrigues
    • Corporate governance
    • Strategic vision
    • Professional ethics
    • Our history
    • Awards and rankings
  • Team
    • Search team
  • Extranet and online tools
  • Join us
    • Send your CV

Contact:

  • [email protected]
  • Tel: +34 91 514 52 00

Contact form

 

©2023 J&A Garrigues, S.L.P. All rights reserved

  • LEGAL TERMS & CONDITIONS
  • COOKIES POLICY
  • PRIVACY POLICY
  • SECURITY POLICY
  • RSS