What are the practical implications? What does it mean that the RTS are now in force? And isn’t PSD2 already in force since 13 January 2018?

The German Association for Information Technology, Telecommunications and New Media (BITKOM) published a position paper on the consultation for the security of internet payments. In the statement BITKOM comments on the consultations of the EBA.

The European Banking Authority (‘EBA’) published a consultation paper on the implementation of its Guidelines on the security of internet payments, the output of work undertaken in conjunction with the European Central Bank (‘ECB’), with the basis of much of the guidelines being work by the European Forum for the Security of Retail Payments. The EBA expects these proposed guidelines to enter into force in August 2015. Dr. Matthias Terlau and Dr. Daniel Walter of Osborne Clarke discuss the compliance expectations for payment service providers and analyse the critical aspects of the proposed guidelines.

Both, EU Commission and ECB are particularly engaged to make internet payments more secure. The ECB formed a forum of European central banks and supervisory authorities, called SecuRe Pay, to discuss and eventually agree on a set of rules for the enhancing of security of internet payments, one of the most important of such rules being the strong customer authentification when making internet payments or accessing payment data. The rules were finally issued as recommendations of the ECB in January 2014.
The EU Commission included in July 2014 the same basic rule on strong customer authentification within its proposal for a Second Payment Services Directive (PSD2).