The Regulatory Technical Standards (RTS) is a supplementary directive designed to complement the Revised Payment Service Directives (PSD2), eIDAS and any other such cases where Strong Customer Authentication is required.
In Part 1 and Part 2 of our series on the Regulatory Technical Standards, we looked at how it complements eIDAS and PSD2 respectively. RTS not only stipulates the specifics of achieving Strong Customer Authentication, but it also lays the groundwork for establishing secure communication between various parties to an online transaction.
While on the surface it may seem like the Regulatory Technical Standards on Strong Customer Authentication have been designed to target a very specific problem (that of customer authentication), they in fact comprehensively target broader transactional security in the following ways:
Although some service providers have offered reservations about RTS, there is definitely enough flexibility built-in to allow for a multitude of approaches to achieving the goal of transactional and account security. By making exemption thresholds dynamic based on actual performance, service providers with better systems and procedures will have even more options available to them. For the end users, this means better security and the assurance of certain minimum standards.