Skip to main content
Version status: Entered into force | Document consolidation status: Updated to reflect all known changes
Version date: 12 January 2016 - onwards
Version 2 of 2

Article 97 Authentication

DRAFT To be repealed Article 48 Repeal of the Proposal for a Directive of the European Parliament and of the Council on payment services and electronic money services in the Internal Market amending Directive 98/26/EC and repealing Directives 2015/2366/EU and 2009/110/EC (COM(2023) 366 final / 2023/0209 (COD)) (PSD3) (updated 19 April 2024 with Information Note)

1. Member States shall ensure that a payment service provider applies strong customer authentication where the payer:

(a) accesses its payment account online;

(b) initiates an electronic payment transaction;

(c) carries out any action through a remote channel which may imply a risk of payment fraud or other abuses.

2. With regard to the initiation of electronic payment transactions as referred to in point (b) of paragraph 1, Member States shall ensure that, for electronic remote payment transactionspayment service providers apply strong customer authentication that includes elements which dynamically link the transaction to a specific amount and a specific payee.

3. With regard to paragraph 1, Member States shall ensure that payment service providers have in place adequate security measures to protect the confidentiality and integrity of payment service users' personalised security credentials.