BaFin will not object if payment service providers based in Germany execute card payments on the Internet until December 31, 2020, even without strong customer authentication as required under PSD2.
The background to this is the opinion issued by the EuropeanBanking Authority ( EBA) on October 16, in which it recommends this deadline to national supervisory authorities. In addition, the EBA sets milestones for the payment service providers involved and defines data to be reported, which the supervisor can use to monitor progress until all relevant PSD2 requirements are fully implemented. BaFin also incorporates these milestones into its supervisory practice.
On August 21, 2019, BaFin had already informed about the facilitation of customer authentication, but had not yet specified a deadline. The facilitations also apply to online payments with debit cards or prepaid cards. Card-issuing payment service providers that already offer their card customers a PSD2-compliant authentication method should not switch it off again.
