Payment Service Directive (PSD2) & Regulatory Technical Standard (RTS)
Under the European Payment Services Directive 2015/2366 (PSD2) and the provision and use of Payments Services and Access to Payment Systems Law (L.31 (I) / 2018), banks are required to implement stronger customer authentication for the purpose of securing payments.
As stated in the security measures described in the RTS (Regulatory Technical Standard), in cases where payment service providers apply strong customer authentication, they shall also adopt security measures that meet each of the following requirements:
a) Τhe payer is made aware of the amount of the payment transaction and of the payee
b) The OTP-One Time Password generated and accepted by the provider (bank) corresponds to the original specific amount of the payment transaction and to the identity of the payee agreed to by the payer
(c) Αny change in the amount or the payee results in the invalidations of the one time password generated.