1. European
  2. Legislation (EU)
  3. EU Regulations
  4. 2018
Date-stamp loading
  1. Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication (SCA-RTS) (Text with EEA relevance)
Next
Version status: Applicable | Document consolidation status: No known changes
Published date: 13 March 2018

Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication (SCA-RTS) (Text with EEA relevance)

Consolidation Status: No known changes
Recitals
Chapter I General provisions (arts. 1-3)
Applicable
 Article 1 Subject matter
Applicable
 Article 2 General authentication requirements
Applicable
 Article 3 Review of the security measures
Chapter II Security measures for the application of strong customer authentication (arts. 4-9)
Applicable
 Article 4 Authentication code
Applicable
 Article 5 Dynamic linking
Applicable
 Article 6 Requirements of the elements categorised as knowledge
Applicable
 Article 7 Requirements of the elements categorised as possession
Applicable
 Article 8 Requirements of devices and software linked to elements categorised as inherence
Applicable
 Article 9 Independence of the elements
Chapter III Exemptions from strong customer authentication (arts. 10-21)
Applicable
 Article 10 Payment account information
Applicable
 Article 11 Contactless payments at point of sale
Applicable
 Article 12 Unattended terminals for transport fares and parking fees
Applicable
 Article 13 Trusted beneficiaries
Applicable
 Article 14 Recurring transactions
Applicable
 Article 15 Credit transfers between accounts held by the same natural or legal person
Applicable
 Article 16 Low-value transactions
Applicable
 Article 17 Secure corporate payment processes and protocols
Applicable
 Article 18 Transaction risk analysis
Applicable
 Article 19 Calculation of fraud rates
Applicable
 Article 20 Cessation of exemptions based on transaction risk analysis
Applicable
 Article 21 Monitoring
Chapter IV Confidentiality and integrity of the payment service users' personalised security credentials (arts. 22-27)
Applicable
 Article 22 General requirements
Applicable
 Article 23 Creation and transmission of credentials
Applicable
 Article 24 Association with the payment service user
Applicable
 Article 25 Delivery of credentials, authentication devices and software
Applicable
 Article 26 Renewal of personalised security credentials
Applicable
 Article 27 Destruction, deactivation and revocation
Chapter V Common and secure open standards of communication (arts. 28-36)
Section 1 General requirements f or communication (arts. 28-29)
Applicable
 Article 28 Requirements for identification
Applicable
 Article 29 Traceability
Section 2 Specific requirements for the common and secure open standards of communication (arts. 30-36)
Applicable
 Article 30 General obligations for access interfaces
Applicable
 Article 31 Access interface options
Applicable
 Article 32 Obligations for a dedicated interface
Applicable
 Article 33 Contingency measures for a dedicated interface
Applicable
 Article 34 Certificates
Applicable
 Article 35 Security of communication session
Applicable
 Article 36 Data exchanges
Chapter VI Final provisions (arts. 37-38)
Applicable
 Article 37 Review
Applicable
 Article 38 Entry into force
Applicable
 Annex
Done at
Next