1. These Standards are made by the Financial Conduct Authority pursuant to Regulation 106A of the Payment Services Regulations 2017 as amended by the Electronic Money, Payment Services and Payment Systems (Amendment and Transitional Provisions) (EU Exit) Regulations 2018 in order to specify:
(a) the requirements that must be met by strong customer authentication referred to in Regulation 100(1) and (2);
(b) the exemption from the application of Regulation 100(1), (2) and (3);
(c) the requirements with which security measures have to comply to protect the confidentiality and integrity of payment service users’ personalised security credentials;
(d) the requirements for common and secure open standards of communication for the purpose of identification, authentication, notification and information, as well as for the implementation of security measures, between account servicing payment service providers, account information service providers, payers, payees and other payment service providers.
2. These Standards apply to payment service providers authorised or registered in the UK or Gibraltar, including account servicing payment service providers and account information service providers.
3. These Standards also apply to payment service providers who have temporary permission in accordance with paragraphs 2 and 14 of Schedule 3 of the Payment Services Regulations 2017 and the Electronic Money Regulations 2011 as amended by the Electronic Money, Payment Services and Payment Systems (Amendment and Transitional Provisions) (EU Exit) Regulations 2018.
4. These Standards also apply to payment service providers who have continued authorisation for a limited purpose in accordance with paragraph 12B of Part 1A and paragraph 26 of Part 3 of the Payment Services Regulations and Electronic Money Regulations as amended by the Financial Services Contracts (Transitional and Saving Provision) (EU Exit) Regulations 2019.