top of page

What is the regulatory intent behind the European Banking Authority (EBA) Guidelines on: The Security Measures for Operational and Security Risks of Payment Services Under Directive (EU) 2015/2366 (PSD2)?

These guidelines are one of the three security-related mandates conferred on the European Banking Authority (<a href="/glossarycollection/european-banking-authority" style="color:#48277C;" target="_blank" title="European Banking Authority"><u>EBA</u></a>) in the Second Payment Services Directive (<a href="/glossarycollection/the-second-payment-services-directive" style="color:#48277C;" target="_blank" title="The Second Payment Services Directive"><u>PSD2</u></a>) which the EBA has developed in close cooperation with the European Central Bank.<br/><br/>

They complement the Regulatory Technical Standards (<a href="/glossarycollection/regulatory-technical-standards" style="color:#48277C;" target="_blank" title="Regulatory Technical Standards"><u>RTS</u></a>) on Strong Customer Authentication (<a href="/glossarycollection/strong-customer-authentication" style="color:#48277C;" target="_blank" title="Strong Customer Authentication"><u>SCA</u></a>) and Common and Secure Communication under PSD2 (EBA/RTS/2017/02), which were submitted to the European Commission for adoption on 23 February 2017, and the guidelines on major incidents reporting under EBA-GL-2017-10 which were published on 27 July 2017. 

bottom of page