|
| Recitals |
| Chapter I General provisions (arts. 1-3) |
Applicable | Article 1 Subject matter |
Applicable | Article 2 General authentication requirements |
Applicable | Article 3 Review of the security measures |
| Chapter II Security measures for the application of strong customer authentication (arts. 4-9) |
Applicable | Article 4 Authentication code |
Applicable | Article 5 Dynamic linking |
Applicable | Article 6 Requirements of the elements categorised as knowledge |
Applicable | Article 7 Requirements of the elements categorised as possession |
Applicable | Article 8 Requirements of devices and software linked to elements categorised as inherence |
Applicable | Article 9 Independence of the elements |
| Chapter III Exemptions from strong customer authentication (arts. 10-21) |
Applicable | Article 10 Payment account information |
Applicable | Article 11 Contactless payments at point of sale |
Applicable | Article 12 Unattended terminals for transport fares and parking fees |
Applicable | Article 13 Trusted beneficiaries |
Applicable | Article 14 Recurring transactions |
Applicable | Article 15 Credit transfers between accounts held by the same natural or legal person |
Applicable | Article 16 Low-value transactions |
Applicable | Article 17 Secure corporate payment processes and protocols |
Applicable | Article 18 Transaction risk analysis |
Applicable | Article 19 Calculation of fraud rates |
Applicable | Article 20 Cessation of exemptions based on transaction risk analysis |
Applicable | Article 21 Monitoring |
| Chapter IV Confidentiality and integrity of the payment service users' personalised security credentials (arts. 22-27) |
Applicable | Article 22 General requirements |
Applicable | Article 23 Creation and transmission of credentials |
Applicable | Article 24 Association with the payment service user |
Applicable | Article 25 Delivery of credentials, authentication devices and software |
Applicable | Article 26 Renewal of personalised security credentials |
Applicable | Article 27 Destruction, deactivation and revocation |
| Chapter V Common and secure open standards of communication (arts. 28-36) |
| Section 1 General requirements f or communication (arts. 28-29) |
Applicable | Article 28 Requirements for identification |
Applicable | Article 29 Traceability |
| Section 2 Specific requirements for the common and secure open standards of communication (arts. 30-36) |
Applicable | Article 30 General obligations for access interfaces |
Applicable | Article 31 Access interface options |
Applicable | Article 32 Obligations for a dedicated interface |
Applicable | Article 33 Contingency measures for a dedicated interface |
Applicable | Article 34 Certificates |
Applicable | Article 35 Security of communication session |
Applicable | Article 36 Data exchanges |
| Chapter VI Final provisions (arts. 37-38) |
Applicable | Article 37 Review |
Applicable | Article 38 Entry into force |
Applicable | Annex |
| Done at |