The European Banking Authority (EBA) has published a new set of clarifications regarding APIs under PSD2.
Issues were raised by the EBA’s Working Group, which was established earlier in the year to help ensure PSD2 is implemented smoothly.
Its clarifications cover the confirmation of payment execution, biometrics and authentication on mobile apps, access to non-payment account information, stress testing, qualified eIDAS certificates for Account Servicing Payment Service Providers (ASPSPs), the 4 times per day access by Account Initiation Service Providers (AISPs), and the Sharing of payment account number with Payment Initiation Service Providers (PISPs).
Earlier in the year, the EBA established the working group which is compiled of 30 individuals representing account servicing payment service providers (ASPSPs), third party providers (TPPs), API initiatives, and other market participants.
The goal of the group was to support the market preparedness for the regulatory technical standard on Strong Customer Authentication and Common and Secure Communication. It also aims to support the development of high-performing and customer-focused APIs.
Its taskforce explores issues and challenges market participants face during the testing and use of APIs.
The EBA expects to make further clarifications in the coming weeks.
As the September deadline for PSD2 draws nearer, the regulator has been trying to ensure the implementation date comes by smoothly.
Last month, the regulator issued an opinion on the Strong Customer Authentication (SCA) aspect of PSD2, following a number of queries. Questions had been raised in response to the market preparedness for the necessary changes. The EBA believes there has already been enough time to get ready and so it will not extend the deadline; however, it has offered extensions on an exceptional basis.
There is much concern propping up in the market for the deadline of PSD2. Open banking solution developer Tink believes none of the tested bank APIs in the market meet the regulation’s necessary requirements. According to its study, it could not find an API which would support its integration.
Copyright © 2019 FinTech Global
Copyright © 2018 RegTech Analyst