EBA made clear in their final draft of the RTS that SDD is not part of their regulation:

“In relation to payment instruments, and as stated in the CP, the EBA understands that Article 97(1)(b) applies to electronic payments initiated by the payer, or by the payer through the payee such as credit transfers or card payments, but does not apply to electronic payments initiated by the payee only. Given Article 97(1)(c), an exception is a transaction where the payer’s consent for a direct debit transaction is given in the form of an electronic mandate with the involvement of its PSP. The different types of payment instruments include e-money payment transactions. For instance, credit transfers include e-money transfers.”

and

“With regards to direct debits, the EBA notes that they are out of the scope of the RTS as they are initiated by the payee.”

Even though the Commission has communicated its intention to amend to the RTS there is no comment on direct debit and SEPA DD mandates.

My conclusion is that PayPal, Amazon Payment, and SEPA DD will be pushed by many online businesses as UX with 2FA for credit card will drop conversion.

And even click-mandates seem to survive: So as a result of PSD2, we will observe concentration in online payment and more insecure direct debit payments – not exactly what was intended by the EBA.

Related documents:

• Final Report Draft Regulatory Technical Standards
• EBA Opinion on the amended text of the RTS on SCA and CSC (EBA-Op-2017-09)
• (EBA-2017-E-1315) Letter from O Guersent, FISMA re Commission intention to amend the draft RTS on SCA and CSC -Ares(2017)2639906