Regulatory technical standards on ‘strong customer authentication and common and secure open standards of communication’ for payment services businesses have been formally written into EU law.
The majority of the new standards, stipulated in an EU regulation now published in the Official Journal of the EU, will not apply until 14 September 2019, however.
The new standards set out what banks must provide for to ensure that third parties in the payments market can access their customers' payment account data when they are given permission to do so by those customers. Such access rights are provided for under the EU's second Payment Services Directive (PSD2).