(1) The FCA may make technical standards specifying -
(a) requirements that must be met by the strong customer authentication referred to in regulation 100(1) and (2);
(b) exemptions from the application of regulation 100(1), (2) and (3), based on the criteria specified in paragraph (3) of this regulation;
(c) the requirements with which security measures have to comply, in accordance with regulation 100(3), in order to protect the confidentiality and integrity of the payment service users’ personalised security credentials;
(d) the requirements for common and secure open standards of communication for the purpose of identification, authentication, notification and information, as well as for the implementation of security measures, between account servicing payment service providers, payment initiation service providers, account information service providers, payers, payees and other payment service providers.
(2) In making technical standards under this regulation, the FCA must hav
…