Reset to Today

To access the FCA Handbook Archive choose a date between 1 January 2001 and 31 December 2004.

Content Options:

Content Options

View Options:


You are viewing the version of the document as on 2024-09-30.

Alternative versions

  1. Point in time
    2024-09-30

Article 27 Destruction, deactivation and revocation

Payment service providers shall ensure that they have effective processes in place to apply each of the following security measures:

  1. (a)

    the secure destruction, deactivation or revocation of the personalised security credentials, authentication devices and software;

  2. (b)

    where the payment service provider distributes reusable authentication devices and software, the secure re-use of a device or software is established, documented and implemented before making it available to another payment services user;

  3. (c)

    the deactivation or revocation of information related to personalised security credentials stored in the payment service provider’s systems and databases and, where relevant, in public repositories.