1. A payment service provider shall apply strong customer authentication, on the basis of the risk assesment carried out under the transaction monitoring mechanism as set out in Article 83, where the payer:
(a) accesses its payment account online;
(c) places a payment order for an electronic payment transaction;
(d) carries out any action through a remote channel which may imply a risk of payment fraud or other abuses.
2. Payment transactions that are not initiated by the payer but by the payee only shall not be subject to strong customer authentication to the extent that those transactions are initiated without any interaction or involvement of the payer. Such exemptions shall also apply to refunds that are initiated by the original payee in favour of the payer.
3. Where the payer has given a mandate authorising the payee to place a payment order for a payment transaction or a series of payment transactions through a particular payment instrument that is issued to be used by the payer
…