The European Banking Authority (EBA) has published a letter that it has received from the European Parliament about the development of regulatory technical standards (RTS) on strong customer authentication (SCA) and secure communications (SC) under the recast Payment Services Directive (PSD 2).
The letter mentions that the European Parliament’s negotiating team on the PSD 2 is concerned about the EBA’s proposal in draft Article 19 RTS for a so-called mandatory “dedicated interface” which bears the risk of giving to account servicing payment service providers (ASPSPs) the possibility to exclude or limit direct access to the payer’s account via existing online banking facilities. The European Parliament’s negotiating team believes that a mandatory “dedicated interface” would go against the principle set out in Article 98(2) of the PSD2, which mandates the EBA to develop RTS in order to secure and maintain fair competition among all payment service providers and to ensure technology and business-model neutrality.
Against this background the European Parliament’s negotiating team believes that the RTS will have to ensure that:
- payment initiation service providers (PISPs) and account information service providers (AISPs) can use at all times direct access via all the customer-facing interfaces of the ASPSP;
- the ASPSP fulfils its obligations as outlined in Articles 66(4) and 67(3) of the PSD 2 also when PISP and AISP uses direct access via the interface of the ASPSP; and
- the ASPSP makes it technically possible for PISPs and AISPs to rely on the authentication procedures offered by the ASPSP to the account holder.
In addition, the letter also mentions that the European Parliament’s negotiating team finds that the current drafting of the RTS is unclear as regards the exemptions from the SCA.
View European Parliament letter to EBA on RTS on strong customer authentication under PSD2, 11 November 2016