Date-stamp loading
Version status: Applicable | Document consolidation status: Updated to reflect all known changes
Version date: 14 September 2019 - onwards
  Version 3 of 3    

Article 27 Destruction, deactivation and revocation

Payment service providers shall ensure that they have effective processes in place to apply each of the following security measures:

(a) the secure destruction, deactivation or revocation of the personalised security credentials, authentication devices and software;

(b) where the payment service provider distributes reusable authentication devices and software, the secure re-use of a device or software is established, documented and implemented before making it available to another payment services user;

(c) the deactivation or revocation of information related to personalised security credentials stored in the payment service provider's systems and databases and, where relevant, in public repositories.

Comparing proposed amendment...