Skip to main content
Entire section Custom print Text Only Rich Text Print

Article (18) Authentication

C 7/2023

  1. Licensees who are Data Holders and Service Owners must apply authentication procedures in accordance with Article 18(2) of this Regulation, where a User:

    1.1.accesses Account or Product information through a Data Sharing Provider conducting Data Sharing activities; or
     
    1.2.initiates a Transaction through a Service Initiation Provider conducting Service Initiation activities.
     
  2. Licensees who are Data Holders and/or Service Owners must select and implement a reliable and effective authentication procedure to verify the identity and validate the authority of the User. At a minimum, the procedure must require two factor authentication, including elements of knowledge, possession or inherence. Additional procedures must be applied in higher risk circumstances. Licensees who are Data Holders and/or Service Owners must also comply with any additional requirements specified from time to time by the Central Bank.
     
  3. Providers of Data Sharing and/or Service Initiation may rely on authentication procedures performed by the Data Holder or Service Owner, as appropriate.