Chapter 3 Exemptions from strong customer authentication
Article 10 Payment account information accessed directly by a payment service user
- (-1)
This Article applies where a payment service user is not using an account information service provider to access payment account information.1
- (1)
Payment service providers shall be allowed not to apply strong customer authentication, subject to compliance with the requirements laid down in Article 2 and to paragraph 2 of this Article and, where a payment service user is limited to accessing either or both of the following items online without disclosure of sensitive payment data:
- (a)
the balance of one or more designated payment accounts;
- (b)
the payment transactions executed in the last 90 days through one or more designated payment accounts.
- (a)
- (2)
For the purpose of paragraph 1, payment service providers shall not be exempted from the application of strong customer authentication where either of the following conditions are met:
- (a)
the payment service user is accessing online the information specified in paragraph 1 for the first time;
- (b)
more than 90 days have elapsed since the last time the payment service user accessed online the information specified in paragraph 1(b) and strong customer authentication was applied.
- (a)