Strong Customer Authentication


    The purpose of the Regulation adopted by the NBG on September 2, 2020 is to ensure the secure authentication of the payment service user, protect the confidentiality and integrity of the user's personalized security credentials, and reduce the risk of fraud and other illegal activities.


    This is aimed at improving the stability of the financial sector, strengthening user protection, promoting the efficient and proper operation of the financial and payment systems, and increasing user confidence in payment services and cashless payments.


    The provisions of the Regulation apply to payment service providers: commercial banks licensed by the National Bank of Georgia, payment service providers registered by the National Bank of Georgia, and microfinance institutions.


    The provider is obliged to perform strong authentication when its customer - the payer performs the following actions:


    a) Payer remotely accesses his online payment account;

    b) Payer initiatse electronic payment operation;

    c) Payer does any action through a remote channel that carries the risk of fraud and/or other illegal action.


    The Regulation describes the exceptions and circumstances when the payment service provider is entitled not to perform strong cusromer authentication.


    The Regulation’s transitional provisions refer to deadlines for ensuring compliance with various issues.