Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing D... (32018R0389)
INHALT
Commission Delegated Regulation (EU) 2018/389 of 27 November 2017 supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication (Text with EEA relevance. )
- COMMISSION DELEGATED REGULATION (EU) 2018/389
- of 27 November 2017
- supplementing Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication
- (Text with EEA relevance)
- CHAPTER I
- GENERAL PROVISIONS
- Article 1
- Subject matter
- Article 2
- General authentication requirements
- Article 3
- Review of the security measures
- CHAPTER II
- SECURITY MEASURES FOR THE APPLICATION OF STRONG CUSTOMER AUTHENTICATION
- Article 4
- Authentication code
- Article 5
- Dynamic linking
- Article 6
- Requirements of the elements categorised as knowledge
- Article 7
- Requirements of the elements categorised as possession
- Article 8
- Requirements of devices and software linked to elements categorised as inherence
- Article 9
- Independence of the elements
- CHAPTER III
- EXEMPTIONS FROM STRONG CUSTOMER AUTHENTICATION
- Article 10
- Payment account information
- Article 11
- Contactless payments at point of sale
- Article 12
- Unattended terminals for transport fares and parking fees
- Article 13
- Trusted beneficiaries
- Article 14
- Recurring transactions
- Article 15
- Credit transfers between accounts held by the same natural or legal person
- Article 16
- Low-value transactions
- Article 17
- Secure corporate payment processes and protocols
- Article 18
- Transaction risk analysis
- Article 19
- Calculation of fraud rates
- Article 20
- Cessation of exemptions based on transaction risk analysis
- Article 21
- Monitoring
- CHAPTER IV
- CONFIDENTIALITY AND INTEGRITY OF THE PAYMENT SERVICE USERS' PERSONALISED SECURITY CREDENTIALS
- Article 22
- General requirements
- Article 23
- Creation and transmission of credentials
- Article 24
- Association with the payment service user
- Article 25
- Delivery of credentials, authentication devices and software
- Article 26
- Renewal of personalised security credentials
- Article 27
- Destruction, deactivation and revocation
- CHAPTER V
- COMMON AND SECURE OPEN STANDARDS OF COMMUNICATION
- Section 1
- General requirements for communication
- Article 28
- Requirements for identification
- Article 29
- Traceability
- Section 2
- Specific requirements for the common and secure open standards of communication
- Article 30
- General obligations for access interfaces
- Article 31
- Access interface options
- Article 32
- Obligations for a dedicated interface
- Article 33
- Contingency measures for a dedicated interface
- Article 34
- Certificates
- Article 35
- Security of communication session
- Article 36
- Data exchanges
- CHAPTER VI
- FINAL PROVISIONS
- Article 37
- Review
- Article 38
- Entry into force
- ANNEX
Feedback