
The EU Payment Directive PSD2

On 14.09.2019, a new EU Payment Services Directive, the so-called PSD2, came into force. This directive (the second European Payment Services Directive) aims to protect cardholders and reduce fraud.

The most important information at a glance

Since this directive came into force, there have been new mandatory requirements on how payments must be processed, including payments with credit cards. These requirements refer to "strong customer authentication", which is mandatory for all electronic transactions in the EU.

2-Factor Authentication

2-factor authentication requires the cardholder to identify themselves via two of the following three factors:

  • Something you KNOW (password, PIN, ...)
  • Something you OWN (credit card, mobile phone, ...)
  • Something PERSONAL (fingerprint, face ID, …)

Possibilities at the cash desk

  • Inserting the card into the POS terminal + entering your personal PIN
  • Contactless payment + entering your personal PIN
  • Contactless payment without entering your personal PIN (depending on the amount and the contactless payments made so far)

Possibilities on the Internet

  • Signing the transaction using pushTAN
  • Signing the transaction using a one-time password (SMS message) and the CardService SecureCode
  • No additional confirmation of payment required (for credit card details already saved or for amounts up to EUR 30)

Since 14.09.2019, payments in the EU that do not comply with strong customer authentication are rejected (e.g. payments by signature or magnetic stripe)!

Frequently Asked Questions

Here you will find the most frequently asked questions and answers about PSD2.

PSD2 stands for "Payment Services Directive" and is an update of the Payment Services Directive mandated by the EU. Strong Customer Authentication (SCA), such as two-factor authentication, is intended to create more security for you in payment transactions.

From 1 January 2021, 2-factor authentication under the EU Payment Services Directive PSD2 will be mandatory for all online merchants. To do this, you must authenticate yourself using strong customer authentication (SCA). For this purpose, two out of three possible, independent security factors must be used.

PSD2 provides for the following factors:

  1. Knowledge (e.g. password, PIN)
  2. Possession (e.g. mobile phone, SIM card, credit card itself [physical card])
  3. Inherence (e.g. fingerprint, facial recognition, other biometric methods)

  • You are being asked to authenticate yourself noticeably more often than before. Multiple authentication increases security in the payment area.
  • You need a CardService SecureCode, which you can set in My Portal or an activated pushTAN in the My ELBA app.

By using pushTAN, your payments are SCA-compliant and can therefore be processed.

You will need a CardService SecureCode for this, which you can set in My Portal. A valid telephone number, which is stored in our system, is also required.

The e-commerce password is a static password that you can set yourself for internet payments via My Portal. The exact name for this is also CardService SecureCode (CSSC).

In order to guarantee a smooth online shopping process, we recommend that all our customers use the CardService SecureCode.

Addendum: If you use pushTAN, it is not mandatory. However, if the pushTAN service fails, no e-commerce payments can be made with SCA. We therefore also recommend that pushTAN users create the CardService SecureCode.

If you use pushTAN, it is not mandatory to assign a CardService SecureCode (e-commerce password). However, if the pushTAN service fails, no internet payments can be made with SCA. We therefore also recommend that pushTAN users create the CardService SecureCode.

This variant is no longer possible due to PSD2.

After registering in My Portal, there is the option to set your CardService SecureCode. In order for the login to My Portal to work smoothly, we need a valid mobile phone number and e-mail address from you. You are welcome to contact us via the change form on our website (www.r-card-service.at/meinportal) or via your Raiffeisenbank advisor.

For all merchants who use an acquirer in the EEA (European Economic Area), PSD2 is mandatory.

Since 01.01.2021, online payments must be processed with two-factor authentication (abbreviated SCA for Strong Customer Authentication) in accordance with PSD2. Unfortunately, there are still transactions from merchants that do not meet this requirement or do not comply with the defined exceptions of Mastercard and Visa.

Online payments that fall within the defined exceptions of PSD2 do not require two-factor authentication. The defined exceptions can be found here.

When sending SMS to foreign telephone numbers as well as to Austrian telephone numbers abroad, problems may arise that are beyond our control.

The defined exceptions can be found here.

Cardholder-initiated online payments, as well as other electronic payments, apart from the exceptions defined in PSD2, must be made with two-factor authentication.

Since 01.01.2021, online payments must be processed with two-factor authentication (abbreviated SCA for Strong Customer Authentication) in accordance with PSD2, with exceptions.

For amounts up to EUR 30, no additional confirmation of payment is required.

A subscription (fixed amount) must be confirmed once (at the beginning) with SCA. Subsequently (recurring payments), SCA is no longer necessary, as online payments initiated by merchants fall under the exceptions defined in PSD2.

PSD2 is valid in the EU (European Union) and the EEA (European Economic Area). The exceptions are defined in the EU's second Payment Services Directive 2015/2366.

Please contact the My ELBA team and your Raiffeisen Bank to see if the configuration of your credit card and My ELBA has been carried out correctly. If the problem persists, please contact the Raiffeisen CardService team to analyse the exact error.

You can assign the CardService SecureCode at any time in My Portal. In the course of a payment that supports the SecureCode, you will be asked to enter your stored CardService SecureCode and will automatically receive the required one-time password by SMS to the mobile phone number stored with us.

If you use pushTAN, it is not mandatory to assign a CardService SecureCode. However, if the pushTAN service fails, no internet payments can be made with SCA. We therefore also recommend that pushTAN users create the CardService SecureCode.

If you have a Raiffeisen user ID, you can sign with pushTAN (signature app). Alternatively, you can sign with the CardService SecureCode in conjunction with a one-time password that is sent by SMS to the mobile phone number on file with us.

Since PSD2 is a directive of the European Commission, it applies in the EU (European Union) and the EEA (European Economic Area). We have no information about future expansions.

Online payments that fall within the defined exceptions of PSD2 do not require double signing. The defined exceptions can be found here.


You may have several signatory numbers. If so, please use the other user in My ELBA. Otherwise, please contact the My ELBA team and your Raiffeisen Bank to see if the configuration of your credit card and My ELBA has been carried out correctly.

There are exceptions for small amounts of up to EUR 30. The defined exceptions can be found here.