How do you know if your business is compliant with the Regulatory Technical Standards (RTS)?

This depends on your business model and your existing solution coverage. For instance, corporate payment providers don't need to perform Strong Customer Authentication (<a href="/glossarycollection/strong-customer-authentication" style="color:#48277C;" target="_blank" title="Strong Customer Authentication"><u>SCA</u></a>) if they use secure H2H (Host-to-Host) solutions that offer SCA equivalence.<br/><br/>

If you don't provide online Payment Service User (<a href="/glossarycollection/payment-service-user" style="color:#48277C;" target="_blank" title="Payment Service User"><u>PSU</u></a>) access to your e-money accounts then they are not in-scope. MOTO and Merchant Initiated Transactions are also not in scope.<br/><br/>

If you don't intend to apply Transaction Risk Analysis (<a href="/glossarycollection/transaction-risk-analysis" style="color:#48277C;" target="_blank" title="Transaction Risk Analysis"><u>TRA</u></a>) and you apply SCA to ALL your transactions, then you may have significantly reduced scope. The questions below are some of the key considerations.