Payment service providers shall be allowed not to apply strong customer authentication, subject to compliance with the requirements laid down in Article 2 and to paragraph 2 of this Article and, where a payment service user is limited to accessing either or both of the following items online without disclosure of sensitive payment data:
the balance of one or more designated payment accounts;
the payment transactions executed in the last 90 days through one or more designated payment accounts.
For the purpose of paragraph 1, payment service providers shall not be exempted from the application of strong customer authentication where either of the following conditions are met:
the payment service user is accessing online the information specified in paragraph 1 for the first time;
more than 90 days have elapsed since the last time the payment service user accessed online the information specified in paragraph 1(b) and strong customer authentication was applied.
Status: Please note you should read all Brexit changes to the FCA Handbook and BTS alongside the main FCA transitional directions. Where these directions apply the 'standstill', firms have the choice between complying with the pre-IP completion day rules, or the post-IP completion day rules. To see a full list of Handbook modules affected, please see Annex B to the main FCA transitional directions.