Do you think notified eID means under eIDAS could be considered as one of the available mechanisms to meet the strong customer authentication requirements under PSD2?
Under Policy priority 1 of the eGovernment Action Plan, the Commission has committed to pursuing "further actions to accelerate the cross-border and cross-sector use of electronic identification (eID), including mobile ID, and trust services (in particular eSignature, website authentication and online registered delivery service) … in digitally enabled businesses (such as banking, finance, eCommerce and sharing economy)…".
It is against this background that reference to eIDAS is included in the draft regulatory technical standards specifying the requirements on Strong Customer Authentication and common and secure communications under the revised Payment Service Directive (PSD2).
Indeed, the draft RTS include reference to the use of Qualified Website Authentication Certificates (QWACs) under eIDAS to fulfil the requirement concerning the identification of payments service providers (PSPs), as an element of the common and secure open standards of communication. This is an important development in operationalising the use of QWACs in the banking/payment sector.
However, in the consultation paper on the draft RTS there is no reference to the use of notified eID means under eIDAS as one of available mechanisms/options to meet the strong customer authentication requirements under PSD2. This will be an important option to highlight and support also in view of the recently proposed Commission revision of the Anti-Money laundering Directive (AML4) that provides for the possible use of notified eID means under eIDAS for fully digital on-boarding activity.
Do not miss the opportunity to make your voice heard, you have only 5 days left to respond to the public consultation which will close next Wednesday, 12 October.