Skip to main content
Entire section Custom print Text Only Rich Text Print

Article (18) Authentication

  1. Licensees who are Data Holders and Service Owners must apply authentication procedures in accordance with Article 18(2) of this Regulation, where a User:

    1.1.accesses Account or Product information through a Data Sharing Provider conducting Data Sharing activities; or
    1.2.initiates a Transaction through a Service Initiation Provider conducting Service Initiation activities.
  2. Licensees who are Data Holders and/or Service Owners must select and implement a reliable and effective authentication procedure to verify the identity and validate the authority of the User. At a minimum, the procedure must require two factor authentication, including elements of knowledge, possession or inherence. Additional procedures must be applied in higher risk circumstances. Licensees who are Data Holders and/or Service Owners must also comply with any additional requirements specified from time to time by the Central Bank.
  3.  Providers of Data Sharing and/or Service Initiation may rely on authentication procedures performed by the Data Holder or Service Owner, as appropriate.