Version status: Applicable | Document consolidation status: No known changes
Published date: 13 March 2018
    Version 1 of 1    

Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication (SCA-RTS) (Text with EEA relevance)

Recitals
Chapter I General provisions (arts. 1-3)
Applicable
Article 1 Subject matter
Applicable
Article 2 General authentication requirements
Applicable
Article 3 Review of the security measures
Chapter II Security measures for the application of strong customer authentication (arts. 4-9)
Applicable
Article 4 Authentication code
Applicable
Article 5 Dynamic linking
Applicable
Article 6 Requirements of the elements categorised as knowledge
Applicable
Article 7 Requirements of the elements categorised as possession
Applicable
Article 8 Requirements of devices and software linked to elements categorised as inherence
Applicable
Article 9 Independence of the elements
Chapter III Exemptions from strong customer authentication (arts. 10-21)
Applicable
Article 10 Payment account information
Applicable
Article 11 Contactless payments at point of sale
Applicable
Article 12 Unattended terminals for transport fares and parking fees
Applicable
Article 13 Trusted beneficiaries
Applicable
Article 14 Recurring transactions
Applicable
Article 15 Credit transfers between accounts held by the same natural or legal person
Applicable
Article 16 Low-value transactions
Applicable
Article 17 Secure corporate payment processes and protocols
Applicable
Article 18 Transaction risk analysis
Applicable
Article 19 Calculation of fraud rates
Applicable
Article 20 Cessation of exemptions based on transaction risk analysis
Applicable
Article 21 Monitoring
Chapter IV Confidentiality and integrity of the payment service users' personalised security credentials (arts. 22-27)
Applicable
Article 22 General requirements
Applicable
Article 23 Creation and transmission of credentials
Applicable
Article 24 Association with the payment service user
Applicable
Article 25 Delivery of credentials, authentication devices and software
Applicable
Article 26 Renewal of personalised security credentials
Applicable
Article 27 Destruction, deactivation and revocation
Chapter V Common and secure open standards of communication (arts. 28-36)
Section 1 General requirements f or communication (arts. 28-29)
Applicable
Article 28 Requirements for identification
Applicable
Article 29 Traceability
Section 2 Specific requirements for the common and secure open standards of communication (arts. 30-36)
Applicable
Article 30 General obligations for access interfaces
Applicable
Article 31 Access interface options
Applicable
Article 32 Obligations for a dedicated interface
Applicable
Article 33 Contingency measures for a dedicated interface
Applicable
Article 34 Certificates
Applicable
Article 35 Security of communication session
Applicable
Article 36 Data exchanges
Chapter VI Final provisions (arts. 37-38)
Applicable
Article 37 Review
Applicable
Article 38 Entry into force
Applicable
Annex
Done at