On 4 June 2020, the European Banking Authority (EBA) issued an opinion on the obstacles to the provision of third party provider services (TPPs) under the regulatory technical standards (RTS) on strong customer authentication (SCA) and common and secure communication (CSC).
Article 32(3) of the RTS on SCA and CSC requires account servicing payment service providers (ASPSPs) that have implemented a dedicated interface to ensure that the interface does not create obstacles to the provision of payment initiation and account information services. By publishing the opinion, the EBA responds to requests for clarification as to whether certain market practices constitute such obstacles.
n particular, the opinion seeks to clarify when mandatory redirection is an obstacle to the provision of TPPs’ services and the authentication procedures that ASPSPs’ interfaces are required to support. The opinion also provides clarifications on a number of obstacles identified in the market, including requiring multiple SCAs, the manual entry of the IBAN in the ASPSPs’ domain, or imposing additional checks of the consent given by the customer to the TPP. The opinion also explains that requiring re-authentication every 90 days for account information services in accordance with the RTS on SCA and CSC is not an obstacle.